A null pointer dereference occurs when the Gladinet Triofox web server receives an HTTP request whose URL path starts with /status or /sysinfo. Under normal conditions the WOSHttpStatusModule.dll would be loaded and its entry point WOSBin_LoadHttpModule would initialize the module. Because the DLL is missing, the function pointer is set to NULL and the server attempts to call address 0. This causes the process handling the request to crash and the request to fail, resulting in a denial‑of‑service for that session. The flaw is a classic NULL Pointer Dereference (CWE‑476) and does not provide a path for arbitrary code execution; its impact is limited to service availability rather than confidentiality or integrity.

The vulnerability affects the Gladinet Triofox product suite. Exact affected versions are not enumerated in the CVE, so any installation that lacks the WOSHttpStatusModule.dll and processes the /status or /sysinfo paths may be vulnerable.

The CVSS base score of 7.5 indicates high severity with medium likelihood of exploitation under typical conditions. EPSS data is not available, but the attack can be triggered remotely by submitting an HTTP request to the specified URL paths without authentication. The exploit immediately disrupts legitimate traffic, creating a denial of service. Because the flaw is a NULL pointer dereference rather than an injection or privilege escalation, the risk is confined to availability; it does not threaten confidentiality or integrity. The vulnerability is not listed in the CISA KEV catalog, so no public exploits are confirmed, yet the simplicity of the trigger makes it attractive for automated scanners.