Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable management interface requires low-privilege credentials (PR:L); OS command injection on embedded root-webserver yields full device compromise (C:H/I:H/A:H) with no scope change.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
OS command injection in the TRENDnet TEW-821DAP wireless access point firmware enables authenticated remote attackers to execute arbitrary operating system commands by manipulating the Hostname parameter submitted to the /goform/system_ntp endpoint, processed by function sub_41FBD0. The device (v1.0R hardware, firmware 1.11B03) is confirmed end-of-life, and the vendor has explicitly declined to investigate or remediate the issue. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires authenticated access to the TEW-821DAP web management interface: the CVSS 4.0 vector specifies PR:L (Low Privileges Required), confirming that some level of valid credentials is a prerequisite - unauthenticated exploitation is not indicated. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) scores 5.3 Medium, but the Low impact ratings for confidentiality, integrity, and availability appear to significantly understate the practical consequence of OS command injection on an embedded network device - full device compromise is the realistic outcome, not limited impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained valid management credentials for the TEW-821DAP (via default credentials, credential reuse, or prior network reconnaissance) sends a crafted HTTP POST request to /goform/system_ntp with a Hostname value containing shell metacharacters such as '; whoami; #' or '$(id)'. The sub_41FBD0 function constructs an OS command string incorporating the unsanitized Hostname and passes it to a system() or equivalent call; the injected commands execute as the webserver process - likely root on this class of embedded device - giving the attacker full control over the device including configuration manipulation, credential access, and use as a network pivot point. |
| Remediation | No vendor patch will be released - TRENDnet has confirmed the TEW-821DAP (v1.0R) is end-of-life and declined to investigate the reported vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43209
GHSA-4pr9-4cff-6c6j