Impact
The vulnerability resides in the tools_diagnostic function of TRENDnet TEW‑821DAP firmware up to version 1.12B01 and allows an attacker to inject arbitrary operating‑system commands. This can lead to remote code execution on the device, compromising its confidentiality, integrity, and availability. The weakness corresponds to CWE‑77 (OS Command Injection) and CWE‑78 (OS Command Injection via Environment Variable).
Affected Systems
Affected hardware is the TRENDnet TEW‑821DAP router, specifically firmware versions up to 1.12B01 that run on the v1.xR hardware revision. That firmware is no longer supported by TRENDnet, which ceased selling the product eight years ago.
Risk and Exploitability
The CVSS base score of 5.1 indicates moderate impact. The EPSS score is 5%, indicating a low but non‑zero probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited documented exploitation. Based on the description, it is inferred that the attacker must have access to the device’s diagnostics interface, typically via the network or local management interface, to trigger the injection. The known public exploit aligns with this inference. The lack of a current support contract and absence of a fixed version means the risk remains unless mitigated through other controls.
OpenCVE Enrichment