Skip to main content

TRENDnet TEW-821DAP CVE-2026-15485

| EUVDEUVD-2026-43207 MEDIUM
OS Command Injection (CWE-78)
2026-07-12 VulDB GHSA-xc6j-94q8-rmwc
5.3
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.9 CRITICAL

OS command injection on embedded Linux yields full device control; AV:N and PR:L reflect authenticated web admin access; scope change to underlying OS justifies S:C and H/H/H impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 12, 2026 - 07:58 vuln.today

DescriptionCVE.org

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the argument nslookup_target/dns_server causes os command injection. The attack can be initiated remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

OS command injection in the TRENDnet TEW-821DAP 1.11B03 wireless access point allows authenticated remote attackers to execute arbitrary operating system commands by manipulating the nslookup_target or dns_server arguments passed to the DNS Lookup Handler at /goform/tools_nslookup (function sub_43F2C4). The affected device is end-of-life and the vendor has explicitly declined to patch it, stating they cannot confirm the vulnerability's existence for the TEW-821DAP v1.0R. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to TEW-821DAP admin interface
Delivery
Navigate to /goform/tools_nslookup DNS Lookup Handler
Exploit
Inject OS commands via nslookup_target or dns_server parameter
Execution
sub_43F2C4 passes unsanitized input to OS shell
Persist
Execute arbitrary commands on embedded Linux system
Impact
Achieve full device compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires an attacker to hold valid credentials for the TEW-821DAP web administration interface (at minimum low-privilege access, as reflected in PR:L of the CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) scores 5.3, which significantly undersells the realistic impact of OS command injection on an embedded Linux device - full shell access typically yields complete compromise of confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated attacker with low-privilege credentials to the TEW-821DAP admin interface navigates to the DNS Lookup diagnostic page and submits a crafted value in the nslookup_target or dns_server field containing shell metacharacters (e.g., a semicolon followed by a system command). The sub_43F2C4 function passes this input directly to the OS shell, executing the injected command with the privileges of the web server process - typically root on embedded Linux devices of this class. …
Remediation No official vendor-released patch exists for this EOL product; TRENDnet has explicitly declined to address this vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15485 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy