Home

Description

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-02 | Updated 2026-05-04 | Assigner VulDB




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R
LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R
2.6AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:UR

Problem types

Insufficient Verification of Data Authenticity

Product status

1.12B01
affected

Timeline

2026-05-01:Advisory disclosed
2026-05-01:VulDB entry created
2026-05-01:VulDB entry last update

Credits

IOT_Res (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/360563 (VDB-360563 | TRENDnet TEW-821DAP Firmware Update new_gui_update_firmware data authenticity) vdb-entry technical-description

vuldb.com/vuln/360563/cti (VDB-360563 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/806213 (Submit #806213 | Trendnet TEW-821DAP v1.12B01 CWE-287 Improper Authentication) third-party-advisory

github.com/...e_Update/blob/main/Trendnet/TEW-821DAP_Auth.md patch

cve.org (CVE-2026-7606)

nvd.nist.gov (CVE-2026-7606)

Download JSON