CVE-2026-7609: OS Command Injection in TRENDnet TEW-821DAP
CVE-2026-7609 is an OS command injection vulnerability in the TRENDnet TEW-821DAP router firmware version 1. 12B01. The flaw exists in the tools_diagnostic function related to the /tmp/diagnostic file in the Firmware Update component. This vulnerability allows remote attackers to execute arbitrary OS commands. Exploit code has been published. However, the affected product is an end-of-life device no longer supported or sold by the vendor.
AI Analysis
Technical Summary
This vulnerability affects TRENDnet TEW-821DAP devices running firmware up to version 1.12B01. The issue is an OS command injection in the tools_diagnostic function of the Firmware Update component, specifically involving the /tmp/diagnostic file. Remote exploitation is possible without user interaction and with low attack complexity. The vendor has discontinued support for this hardware version (v1.xR) and no longer sells it. No official patch or remediation is available from the vendor.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to unauthorized control or disruption. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, and no required privileges or user interaction. Since the product is end-of-life and unsupported, affected devices remain vulnerable if still in use.
Mitigation Recommendations
No official fix or patch is available as the product is end-of-life and no longer supported by TRENDnet. Users should discontinue use of the affected hardware or isolate it from untrusted networks to mitigate risk. Replacement with supported devices is recommended. Monitor for any vendor updates but currently no remediation is provided.
CVE-2026-7609: OS Command Injection in TRENDnet TEW-821DAP
Description
CVE-2026-7609 is an OS command injection vulnerability in the TRENDnet TEW-821DAP router firmware version 1. 12B01. The flaw exists in the tools_diagnostic function related to the /tmp/diagnostic file in the Firmware Update component. This vulnerability allows remote attackers to execute arbitrary OS commands. Exploit code has been published. However, the affected product is an end-of-life device no longer supported or sold by the vendor.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects TRENDnet TEW-821DAP devices running firmware up to version 1.12B01. The issue is an OS command injection in the tools_diagnostic function of the Firmware Update component, specifically involving the /tmp/diagnostic file. Remote exploitation is possible without user interaction and with low attack complexity. The vendor has discontinued support for this hardware version (v1.xR) and no longer sells it. No official patch or remediation is available from the vendor.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to unauthorized control or disruption. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, and no required privileges or user interaction. Since the product is end-of-life and unsupported, affected devices remain vulnerable if still in use.
Mitigation Recommendations
No official fix or patch is available as the product is end-of-life and no longer supported by TRENDnet. Users should discontinue use of the affected hardware or isolate it from untrusted networks to mitigate risk. Replacement with supported devices is recommended. Monitor for any vendor updates but currently no remediation is provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-01T12:07:34.727Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f5c597cbff5d8610c60a12
Added to database: 5/2/2026, 9:36:23 AM
Last enriched: 5/2/2026, 9:51:35 AM
Last updated: 5/2/2026, 10:37:17 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.