Home

Description

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-02 | Updated 2026-05-02 | Assigner VulDB




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R
LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R
2.6AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:UR

Problem types

Insufficient Verification of Data Authenticity

Product status

1.12B01
affected

Timeline

2026-05-01:Advisory disclosed
2026-05-01:VulDB entry created
2026-05-01:VulDB entry last update

Credits

IOT_Res (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/360568 (VDB-360568 | TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity) vdb-entry technical-description

vuldb.com/vuln/360568/cti (VDB-360568 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/806218 (Submit #806218 | Trendnet TEW-821DAP v1.12B01 CWE-327 Use of a Broken or Risky Cryptographic Algorithm) third-party-advisory

github.com/...e_Update/blob/main/Trendnet/TEW-821DAP_Inte.md patch

cve.org (CVE-2026-7611)

nvd.nist.gov (CVE-2026-7611)

Download JSON