Trendnet Tew 821dap Firmware

TRENDnet TEW-821DAP Firmware Update Handler auth bypass up to 1.12B01
CVE-2026-7611 3.7 - Low - May 02, 2026

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Insufficient Verification of Data Authenticity

TRENDnet TEW-821DAP 1.12B01 cgi/ssi Firmware Update Cleartext Leak
CVE-2026-7610 3.7 - Low - May 02, 2026

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Cleartext Transmission of Sensitive Information

TRENDnet TEW-821DAP OS Command Injection via tools_diagnostic (1.12B01)
CVE-2026-7609 6.3 - Medium - May 02, 2026

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Shell injection

TRENDnet TEW-821DAP <=1.12B01: tools_diagnostic OS Command Injection
CVE-2026-7608 5.5 - Medium - May 02, 2026

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Shell injection

TRENDnet TEW-821DAP 1.12B01 buf overflow in Firmware Upd auto_update_firmware
CVE-2026-7607 8.8 - High - May 02, 2026

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Classic Buffer Overflow

TRENDnet TEW-821DAP 1.12B01 Firmware Update Auth Verification Bypass
CVE-2026-7606 3.7 - Low - May 02, 2026

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Insufficient Verification of Data Authenticity

Buffer Overflow in TRENDnet AC1200 Firmware 3.00b06 via adm_add_user
CVE-2023-51146 - March 26, 2024

Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action.

TRENDnet TEW-821DAP 3.00b06 Buffer Overflow in adm_mod_pwd allows code execution
CVE-2023-51147 - March 26, 2024

Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action.

TRENDnet TEW-821DAP v3.00b06 mycli CLI Remote Code Execution
CVE-2023-51148 - March 26, 2024

An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.