Home

Description

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-02 | Updated 2026-05-02 | Assigner VulDB




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2.6AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Cleartext Transmission of Sensitive Information

Cryptographic Issues

Product status

1.12B01
affected

Timeline

2026-05-01:Advisory disclosed
2026-05-01:VulDB entry created
2026-05-01:VulDB entry last update

Credits

IOT_Res (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/360567 (VDB-360567 | TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission) vdb-entry

vuldb.com/vuln/360567/cti (VDB-360567 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/806217 (Submit #806217 | Trendnet TEW-821DAP v1.12B01 CWE-319: Cleartext Transmission of Sensitive Information) third-party-advisory

github.com/...e_Update/blob/main/Trendnet/TEW-821DAP_Down.md patch

cve.org (CVE-2026-7610)

nvd.nist.gov (CVE-2026-7610)

Download JSON