Skip to main content

TRENDnet TEW-821DAP CVE-2026-7610

| EUVDEUVD-2026-26774 LOW
Cleartext Transmission of Sensitive Information (CWE-319)
2026-05-02 VulDB
2.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.9 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
CVSS changed
May 02, 2026 - 10:22 NVD
3.7 (LOW) 2.9 (LOW)
Analysis Generated
May 02, 2026 - 10:01 vuln.today
EUVD ID Assigned
May 02, 2026 - 09:30 euvd
EUVD-2026-26774
Analysis Generated
May 02, 2026 - 09:30 vuln.today
Patch released
May 02, 2026 - 09:30 nvd
Patch available
CVE Published
May 02, 2026 - 09:15 nvd
LOW 2.9

DescriptionCVE.org

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

TRENDnet TEW-821DAP firmware version 1.12B01 transmits sensitive information in cleartext via the /www/cgi/ssi endpoint during firmware updates, allowing remote unauthenticated attackers to intercept credentials or configuration data. The vulnerability affects end-of-life hardware (version v1.xR) discontinued 8 years ago and no longer supported by the vendor. Public exploit code is available, though the attack requires high complexity conditions to execute successfully.

Technical ContextAI

The vulnerability exists in the firmware update component of the TEW-821DAP wireless access point, specifically in the /www/cgi/ssi CGI script handler. The root cause (CWE-319: Cleartext Transmission of Sensitive Information) indicates that authentication credentials or sensitive configuration parameters transmitted during the firmware update process are not encrypted over the network. This legacy device likely uses HTTP without TLS or similar transport-layer security for administrative functions. The affected CPE indicates all versions of the TEW-821DAP firmware are potentially vulnerable, though the vendor confirms that only firmware 1.12B01 designed for hardware revision v1.xR exhibits this flaw.

RemediationAI

The vendor states a patch is available, though specific patched firmware versions are not identified in the provided data. Organizations still operating TRENDnet TEW-821DAP v1.xR hardware should contact TRENDnet support for available firmware updates, or migrate to currently supported access point hardware with modern security practices (TLS-encrypted management interfaces, recent firmware with security updates). If firmware updates cannot be applied due to lack of vendor support, implement compensating controls: restrict firmware update operations to isolated management networks with end-to-end encryption (VPN or console access only), disable remote management interfaces, and ensure firmware updates occur only over encrypted channels. The vendor's end-of-life status means no active security maintenance is expected, and continued use of this hardware poses cumulative security risk beyond this single vulnerability.

Share

CVE-2026-7610 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy