Command Injection Flaw in TRENDnet TEW-821DAP DNS Lookup Handler
CVE-2026-15485
5.3MEDIUM
What is CVE-2026-15485?
A command injection vulnerability exists within the DNS Lookup Handler of TRENDnet TEW-821DAP, specifically in the sub_43F2C4 function of the tools_nslookup file. An attacker can exploit this flaw by manipulating parameters, resulting in unauthorized command execution. Notably, this issue affects products that are no longer supported, including the TEW-821DAP version 1.11B03 and earlier versions, making them susceptible to potential remote attacks. The vendor has indicated an inability to confirm these vulnerabilities for earlier versions, emphasizing the risks posed to end-users relying on unsupported devices.
Affected Version(s)
TEW-821DAP 1.11B03
