CVE-2026-15484
Received Received - Intake

Buffer Overflow in TRENDnet TEW-821DAP

Vulnerability report for CVE-2026-15484, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-12

Last updated on: 2026-07-12

Assigner: VulDB

Description

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-12
Last Modified
2026-07-12
Generated
2026-07-12
AI Q&A
2026-07-12
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
trendnet tew-821dap 1.12b01
trendnet tew-821dap 1.0r

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15484 is a buffer overflow vulnerability found in the Trendnet TEW-821DAP device running firmware version 1.12B01. The issue occurs in the function sub_41EC14 within the ssi program, specifically in the /goform/tools_nslookup component. A buffer of only 2 bytes is used to store a command string that is actually 33 bytes long, causing a buffer overflow. This overflow is triggered remotely via an HTTP POST request to /goform/tools_nslookup, which calls the vulnerable function. The overflow happens when the setenv function sets the host variable and sprintf constructs the command string.

Impact Analysis

This vulnerability can allow an attacker to remotely execute arbitrary code or cause a denial of service on the affected device by exploiting the buffer overflow. Because the overflow occurs during the construction of a command string, it may lead to system compromise or instability. However, this vulnerability only affects devices that are no longer supported by the vendor.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests to the endpoint /goform/tools_nslookup on the Trendnet TEW-821DAP device running firmware version v1.12B01.

Specifically, detection involves identifying attempts to exploit the buffer overflow in the function sub_41EC14 triggered by crafted POST requests that manipulate the host parameter used in the nslookup command.

A suggested command to detect such activity on the device or network could be to capture and analyze HTTP POST requests targeting /goform/tools_nslookup, for example using network monitoring tools like tcpdump or Wireshark with filters for POST requests to that path.

  • tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /goform/tools_nslookup'

Additionally, inspecting device logs for unusual or malformed nslookup command executions or buffer overflow symptoms may help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting or blocking HTTP POST requests to the /goform/tools_nslookup endpoint on the affected Trendnet TEW-821DAP devices.

Since the vulnerability is triggered remotely via this endpoint, network-level controls such as firewall rules or access control lists can prevent exploitation attempts.

Additionally, because the affected products are no longer supported by the vendor, applying official patches or firmware updates may not be possible.

Therefore, isolating the vulnerable device from untrusted networks or replacing it with a supported device are recommended longer-term mitigation strategies.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15484. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart