CVE-2026-7610 - Vulnerability Details

- TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission

Description

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-05-02

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the firmware update component at /www/cgi/ssi on the TRENDnet TEW‑821DAP, allowing sensitive information to be sent in cleartext. Attackers can trigger this remotely, and the disclosed exploit is reported to be of high complexity and difficult to execute, yet publicly available. Because the flaw leaks confidential data, the primary impact is a breach of confidentiality.

Affected Systems

The issue affects TRENDnet TEW‑821DAP firmware version 1.12B01. This model is an end‑of‑life product, unsupported for over eight years, and is no longer available from the manufacturer.

Risk and Exploitability

With a CVSS score of 6.3 the vulnerability falls into the medium severity range. The EPSS score is not available, but the public disclosure of the exploit increases the likelihood of an attack. The vulnerability is not listed in the CISA KEV catalog. Because the device is accessed via its firmware update interface, the likely attack vector is remote; however, operational constraints such as lack of vendor support mean that remediation relies on replacing or disabling the device rather than applying a patch.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TRENDnet

TEW-821DAP

affected

Version	Status	Constraints
`1.12B01`	affected	—

No data.

Vendor Product Confidence Versions

Trendnet

Tew-821dap

100%

Version	Status	Scheme	Platform
`1.12B01`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Cease operation and remove any TRENDnet TEW‑821DAP devices from production networks.
Block external access to the firmware update interface, for example by firewalling the associated port or IP range.
Migrate to a supported replacement router or access point from a vendor that provides ongoing security updates.

Generated by OpenCVE AI on May 2, 2026 at 11:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Down.md
https://vuldb.com/submit/806217
https://vuldb.com/vuln/360567
https://vuldb.com/vuln/360567/cti

History

Sat, 02 May 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendnet tew-821dap
Vendors & Products		Trendnet tew-821dap

Sat, 02 May 2026 09:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
Title		TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission
First Time appeared		Trendnet Trendnet tew-821dap Firmware
Weaknesses		CWE-310 CWE-319
CPEs		cpe:2.3:o:trendnet:tew-821dap_firmware::::::::
Vendors & Products		Trendnet Trendnet tew-821dap Firmware
References		https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Down.md https://vuldb.com/submit/806217 https://vuldb.com/vuln/360567 https://vuldb.com/vuln/360567/cti
Metrics		cvssV2_0 `{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Trendnet Tew-821dap Tew-821dap Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-02T09:15:10.757Z

Updated: 2026-05-02T09:15:10.757Z

Reserved: 2026-05-01T12:07:37.870Z

Link: CVE-2026-7610

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-02T10:16:19.460

Modified: 2026-05-02T10:16:19.460

Link: CVE-2026-7610

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T11:30:41Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object