CVE-2026-7609
Awaiting Analysis Awaiting Analysis - Queue
Command Injection in TRENDnet TEW-821DAP Firmware

Publication date: 2026-05-02

Last updated on: 2026-05-06

Assigner: VulDB

Description
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7609
EUVD
EUVD-2026-26773
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-821dap_firmware 1.12b01
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw found in the firmware update process of the TRENDnet TEW-821DAP router, specifically in the tools_diagnostic function of the ssi program. It occurs because the IP address input used for network diagnostics is not properly sanitized for shell metacharacters such as ;, |, and $. This allows an attacker to inject and execute arbitrary operating system commands remotely by sending a specially crafted AJAX POST request.

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary commands on the affected device without user interaction. This could lead to unauthorized control over the router, enabling actions such as executing malicious code or causing denial of service conditions. Since the device is no longer supported, it is unlikely to receive patches, increasing the risk if the device is still in use.

Detection Guidance

This vulnerability can be detected by testing the diagnostic tool's handling of IP address inputs for command injection. Specifically, sending crafted AJAX POST requests to the tools_diagnostic function with IP parameters containing shell metacharacters such as ;, |, or $ can reveal if command injection is possible.

A practical detection method involves sending a traceroute diagnostic request with an IP address parameter that includes injected commands, for example: 127.0.0.1" -f /dev/null; <command>; #. If the system executes the injected command, the vulnerability is present.

Since the vulnerability is triggered via the AJAX POST request to the diagnostic function, monitoring network traffic for suspicious POST requests to the diagnostic endpoint with unusual characters in the IP address field can also help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the vulnerable firmware version (up to 1.12B01) on the TRENDnet TEW-821DAP device, as this product is already end-of-life and no longer supported by the vendor.

Since the vendor no longer provides updates or patches, the best mitigation is to discontinue use of the affected hardware or isolate it from untrusted networks to prevent remote exploitation.

Additionally, monitoring and filtering network traffic to block suspicious AJAX POST requests containing shell metacharacters targeting the diagnostic function can reduce the risk of exploitation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7609. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart