Description
A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-02
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A firmware updater component, platform_do_upgrade_cameo_dev in cameo_dev.sh, does not verify the authenticity of the firmware image. This weakness allows an attacker to supply a crafted firmware file that the device will load, potentially leading to remote code execution or privilege escalation. The attack is possible remotely, the complexity is high, and exploitability is considered difficult.

Affected Systems

All TRENDnet TEW‑821DAP routers running firmware versions up to 1.12B01 are affected. The vendor has ceased support for these models, which means no official patch is currently available.

Risk and Exploitability

With a CVSS score of 6.3, the vulnerability is moderate. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. Although the attack requires remote access to the update interface and is difficult to execute, an attacker could exploit it to load unsigned firmware, potentially giving full control of the device. Because the product is end‑of‑life, mitigation focuses on network controls rather than patching.

Generated by OpenCVE AI on May 2, 2026 at 11:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the device’s firmware version; if it is 1.12B01 or earlier, stop using it for critical functions or isolate it in a separate network segment.
  • Restrict the firmware update interface by blocking the HTTP/HTTPS ports or the admin web interface from external networks, allowing updates only from a trusted internal console.
  • Monitor the device’s logs for unexpected firmware upload attempts or changes to the firmware file and alert administrators when such events occur.
  • Consider replacing the device with a supported model that receives vendor security updates.

Generated by OpenCVE AI on May 2, 2026 at 11:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-821dap
Vendors & Products Trendnet tew-821dap

Sat, 02 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
Title TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity
First Time appeared Trendnet
Trendnet tew-821dap Firmware
Weaknesses CWE-345
CPEs cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-821dap Firmware
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Trendnet Tew-821dap Tew-821dap Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T09:30:12.219Z

Reserved: 2026-05-01T12:07:42.405Z

Link: CVE-2026-7611

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-02T10:16:19.640

Modified: 2026-05-02T10:16:19.640

Link: CVE-2026-7611

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T11:30:41Z

Weaknesses