Skip to main content

TRENDnet TEW-821DAP EUVDEUVD-2026-26775

| CVE-2026-7611 MEDIUM
Insufficient Verification of Data Authenticity (CWE-345)
2026-05-02 VulDB
6.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Generated
May 02, 2026 - 10:30 vuln.today
Severity Changed
May 02, 2026 - 10:22 NVD
LOW MEDIUM
CVSS changed
May 02, 2026 - 10:22 NVD
3.7 (LOW) 6.3 (MEDIUM)
EUVD ID Assigned
May 02, 2026 - 10:00 euvd
EUVD-2026-26775
Analysis Generated
May 02, 2026 - 10:00 vuln.today
Patch released
May 02, 2026 - 10:00 nvd
Patch available
CVE Published
May 02, 2026 - 09:30 nvd
MEDIUM 6.3

DescriptionCVE.org

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Insufficient verification of firmware authenticity in TRENDnet TEW-821DAP up to version 1.12B01 allows remote attackers to manipulate firmware updates through the cameo_dev.sh update handler, potentially leading to information disclosure. The vulnerability requires high attack complexity and difficult exploitation conditions. The affected hardware (v1.xR) reached end-of-life eight years ago and is no longer supported by the vendor, significantly limiting real-world exposure.

Technical ContextAI

The vulnerability exists in the platform_do_upgrade_cameo_dev function within the cameo_dev.sh firmware update handler component (CWE-345: Insufficient Verification of Data Authenticity). The firmware update mechanism fails to properly validate the authenticity and integrity of firmware images before processing them. This affects TRENDnet's wireless router/access point (TEW-821DAP, CPE: cpe:2.3:a:trendnet:tew-821dap:*:*:*:*:*:*:*:*) specifically when running on hardware version v1.xR. The lack of cryptographic verification or signature validation on firmware packages creates a window for unauthorized firmware modifications, though the practical impact is constrained by the attack complexity and the obsolescence of the target hardware.

RemediationAI

If any TEW-821DAP v1.xR hardware remains in operation, apply the vendor-available firmware patch referenced in the GitHub repository (https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Inte.md). However, given the eight-year end-of-life status, the vendor no longer provides formal support or security updates. For organizations still operating this hardware, the recommended approach is immediate replacement with current-generation TRENDnet networking equipment that receives active security patching. If hardware replacement is not immediately feasible, network segmentation to restrict firmware update channels (block access to untrusted firmware sources via firewall rules) and disabling remote firmware updates if the interface supports it will reduce attack surface, though these do not eliminate the vulnerability itself. Physical security of network devices and monitoring for unexpected firmware update activities provide compensating controls.

Share

EUVD-2026-26775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy