Description
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the auto_update_firmware routine of the TRENDnet TEW‑821DAP firmware 1.12B01. The flaw arises from unchecked manipulation of an argument, which may be supplied remotely, giving an attacker the possibility to execute arbitrary code on the device. The weakness maps to CWE‑119 (Buffer Overflow) and CWE‑120 (Improper Handling of Memory Buffer).

Affected Systems

TRENDnet TEW‑821DAP firmware version 1.12B01 running on hardware version v1.xR. This product has been End‑of‑Life eight years ago and is no longer sold or supported by the vendor.

Risk and Exploitability

The CVSS score is 8.7, indicating a high impact vulnerability. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, but the remote attack vector combined with the lack of vendor support means exploitation likelihood cannot be ignored, especially in networks still operating the device.

Generated by OpenCVE AI on May 2, 2026 at 09:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Remove the TRENDnet TEW‑821DAP device from the network as soon as possible.
  • If removal is not immediately feasible, isolate the device with network segmentation or firewall rules to prevent external access.
  • Monitor the device for anomalous firmware update activity or unexpected traffic that may indicate exploitation attempts.

Generated by OpenCVE AI on May 2, 2026 at 09:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-821dap
Vendors & Products Trendnet tew-821dap

Sat, 02 May 2026 07:30:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
Title TRENDnet TEW-821DAP Firmware Udpate auto_update_firmware buffer overflow
First Time appeared Trendnet
Trendnet tew-821dap Firmware
Weaknesses CWE-119
CWE-120
CPEs cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-821dap Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Trendnet Tew-821dap Tew-821dap Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T07:00:15.214Z

Reserved: 2026-05-01T12:07:28.408Z

Link: CVE-2026-7607

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-02T08:16:28.197

Modified: 2026-05-02T08:16:28.197

Link: CVE-2026-7607

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T10:00:06Z

Weaknesses