Is there a public PoC exploit available for CVE-2026-7609?

Yes, a public proof-of-concept exploit is available for CVE-2026-7609. Prioritise patching immediately. EPSS: 0.8%.

TRENDnet TEW-821DAP CVE-2026-7609

Q: What is the CVSS score of CVE-2026-7609?

CVE-2026-7609 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

EUVD-2026-26773 LOW

OS Command Injection (CWE-78)

2026-05-02 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 02, 2026 - 10:22 NVD

MEDIUM LOW

CVSS changed

May 02, 2026 - 10:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

PoC Detected

May 02, 2026 - 10:16 vuln.today

Public exploit code

Analysis Generated

May 02, 2026 - 10:00 vuln.today

EUVD ID Assigned

May 02, 2026 - 09:30 euvd

EUVD-2026-26773

Analysis Generated

May 02, 2026 - 09:30 vuln.today

CVE Published

May 02, 2026 - 09:00 nvd

LOW 2.1

DescriptionNVD

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

OS command injection in TRENDnet TEW-821DAP firmware up to version 1.12B01 allows authenticated remote attackers to execute arbitrary commands via the tools_diagnostic function in the firmware update component. The vulnerability affects only end-of-life hardware (version v1.xR) discontinued 8 years ago, significantly limiting practical exposure despite publicly available exploit code.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7609 vulnerability details – vuln.today

Back