Skip to main content

TRENDnet TEW-821DAP EUVDEUVD-2026-26773

| CVE-2026-7609 LOW
OS Command Injection (CWE-78)
2026-05-02 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
May 02, 2026 - 10:22 NVD
MEDIUM LOW
CVSS changed
May 02, 2026 - 10:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
May 02, 2026 - 10:16 vuln.today
Public exploit code
Analysis Generated
May 02, 2026 - 10:00 vuln.today
EUVD ID Assigned
May 02, 2026 - 09:30 euvd
EUVD-2026-26773
Analysis Generated
May 02, 2026 - 09:30 vuln.today
CVE Published
May 02, 2026 - 09:00 nvd
LOW 2.1

DescriptionCVE.org

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

OS command injection in TRENDnet TEW-821DAP firmware up to version 1.12B01 allows authenticated remote attackers to execute arbitrary commands via the tools_diagnostic function in the firmware update component. The vulnerability affects only end-of-life hardware (version v1.xR) discontinued 8 years ago, significantly limiting practical exposure despite publicly available exploit code.

Technical ContextAI

The vulnerability exists in the firmware update component of the TEW-821DAP wireless device, specifically in the tools_diagnostic function within the /tmp/diagnostic file. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates the firmware fails to properly sanitize user input before passing it to OS command execution routines. The device accepts unauthenticated network connections but requires login credentials (PR:L per CVSS vector) to reach the vulnerable endpoint, suggesting the function is accessible after user authentication.

RemediationAI

No vendor-released security patch is available, as the product reached end-of-life status years before this vulnerability was disclosed. Organizations operating TEW-821DAP v1.xR hardware should immediately retire and replace the device with a current, vendor-supported wireless access point model. If immediate replacement is not feasible due to operational constraints, implement compensating controls: restrict network access to the device's web management interface via network segmentation or firewall rules blocking TCP/UDP ports used for firmware updates and management functions, require VPN or IP-based access control lists limiting connections to trusted administrative networks only, and disable or restrict the firmware update functionality if the device configuration allows disabling specific features. Monitor device logs for authentication attempts and command injection patterns. Document the device's EOL status in your asset inventory and create a retirement timeline to eliminate the risk entirely.

Share

EUVD-2026-26773 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy