CVE-2026-7610
Awaiting Analysis Awaiting Analysis - Queue
Cleartext Transmission Vulnerability in TRENDnet TEW-821DAP Firmware

Publication date: 2026-05-02

Last updated on: 2026-05-06

Assigner: VulDB

Description
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7610
EUVD
EUVD-2026-26774
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-821dap_firmware 1.12b01
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-310 Cryptographic Issues
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-7610 affects the Trendnet TEW-821DAP router with firmware version 1.12B01. It involves the firmware update process where the device uses an unencrypted HTTP URL instead of HTTPS to download firmware via the /www/cgi/ssi program. This allows an attacker to perform a Man-in-the-Middle (MITM) attack by intercepting and modifying the firmware download URL.

Such manipulation can lead to the device downloading malicious firmware or being redirected to a harmful server, potentially resulting in arbitrary code execution or denial of service on the device.

Impact Analysis

This vulnerability can impact you by allowing attackers to intercept and modify the firmware update process of the affected device remotely. This could lead to the installation of malicious firmware, which may enable arbitrary code execution or cause denial of service.

Because the attack requires high complexity and is difficult to exploit, the risk is somewhat mitigated, but the consequences of a successful attack could be severe, including loss of device functionality or compromise of network security.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for unencrypted HTTP requests to the firmware update URL on the affected device, specifically requests to the /www/cgi/ssi endpoint.

You can use network packet capture tools such as tcpdump or Wireshark to identify HTTP traffic instead of HTTPS during firmware update attempts.

  • Use tcpdump to capture HTTP traffic on the device's IP address: tcpdump -i <interface> host <device_ip> and filter for HTTP requests.
  • Use curl or wget to manually check if the firmware update URL is accessible over HTTP: curl -v http://<device_ip>/www/cgi/ssi
  • Inspect logs or network monitoring tools for any signs of Man-in-the-Middle (MITM) attacks or unexpected redirects during firmware update processes.
Mitigation Strategies

Since the affected product is End-Of-Life and no longer supported, immediate mitigation involves preventing the device from performing firmware updates over unencrypted HTTP.

You should isolate the device from untrusted networks to reduce exposure to remote attacks.

  • Disable automatic firmware updates if possible.
  • Use network segmentation or firewall rules to block HTTP traffic to and from the device, especially to prevent interception or redirection of firmware update requests.
  • Consider replacing the device with a supported model that uses secure firmware update mechanisms.
Compliance Impact

This vulnerability leads to the cleartext transmission of sensitive information during the firmware update process, which can be intercepted by attackers. Such exposure of sensitive data may conflict with compliance requirements in standards and regulations like GDPR and HIPAA that mandate the protection of personal and sensitive information during transmission.

However, the affected product is no longer supported and has been end-of-life for 8 years, which may limit the practical impact on compliance for current deployments.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7610. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart