CVE-2026-7610

LOW

TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission

Title source: cna

Description

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-360567 | TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission

https://vuldb.com/vuln/360567

Signature, Permissions Required signature permissions-required

VDB-360567 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/360567/cti

Third Party Advisory third-party-advisory

Submit #806217 | Trendnet TEW-821DAP v1.12B01 CWE-319: Cleartext Transmission of Sensitive Information

https://vuldb.com/submit/806217

Patch patch

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Down.md

View Patch ZIP pw:eip

Scores

CVSS v3 3.7

EPSS 0.0001

EPSS Percentile 2.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-310 CWE-319

Status published

Products (2)

TRENDnet/TEW-821DAP 1.12B01

trendnet/tew-821dap_firmware 1.12b01

Published May 02, 2026

Tracked Since May 02, 2026