Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
OS command injection in TRENDnet TEW-821DAP firmware up to version 1.12B01 allows authenticated remote attackers to execute arbitrary commands via the tools_diagnostic function in the firmware update component. The vulnerability affects only end-of-life hardware (version v1.xR) discontinued 8 years ago, significantly limiting practical exposure despite publicly available exploit code.
Technical ContextAI
The vulnerability exists in the firmware update component of the TEW-821DAP wireless device, specifically in the tools_diagnostic function within the /tmp/diagnostic file. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates the firmware fails to properly sanitize user input before passing it to OS command execution routines. The device accepts unauthenticated network connections but requires login credentials (PR:L per CVSS vector) to reach the vulnerable endpoint, suggesting the function is accessible after user authentication.
RemediationAI
No vendor-released security patch is available, as the product reached end-of-life status years before this vulnerability was disclosed. Organizations operating TEW-821DAP v1.xR hardware should immediately retire and replace the device with a current, vendor-supported wireless access point model. If immediate replacement is not feasible due to operational constraints, implement compensating controls: restrict network access to the device's web management interface via network segmentation or firewall rules blocking TCP/UDP ports used for firmware updates and management functions, require VPN or IP-based access control lists limiting connections to trusted administrative networks only, and disable or restrict the firmware update functionality if the device configuration allows disabling specific features. Monitor device logs for authentication attempts and command injection patterns. Document the device's EOL status in your asset inventory and create a retirement timeline to eliminate the risk entirely.
More in Tew 821Dap
View allBuffer overflow in the TRENDnet TEW-821DAP (firmware 1.12B01) wireless access point lets an authenticated remote attacke
Buffer overflow in the TRENDnet TEW-821DAP (v1.0R, firmware 1.12B01) dual-band access point lets an authenticated remote
Remote authenticated attackers can execute arbitrary code on TRENDnet TEW-821DAP v1.xR hardware running firmware 1.12B01
Insufficient verification of firmware authenticity in TRENDnet TEW-821DAP up to version 1.12B01 allows remote attackers
Insufficient verification of data authenticity in the firmware update handler of TRENDnet TEW-821DAP 1.12B01 allows remo
OS command injection in TRENDnet TEW-821DAP up to firmware version 1.12B01 allows authenticated local attackers to execu
OS command injection in TRENDnet TEW-821DAP firmware 1.11B03 allows a network-adjacent authenticated attacker to execute
OS command injection in the TRENDnet TEW-821DAP 1.11B03 wireless access point allows authenticated remote attackers to e
TRENDnet TEW-821DAP firmware version 1.12B01 transmits sensitive information in cleartext via the /www/cgi/ssi endpoint
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26773