Command Injection Flaw in TRENDnet TEW-821DAP DNS Lookup Handler
CVE-2026-15485

5.3MEDIUM

Key Information:

Vendor

Trendnet

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15485?

A command injection vulnerability exists within the DNS Lookup Handler of TRENDnet TEW-821DAP, specifically in the sub_43F2C4 function of the tools_nslookup file. An attacker can exploit this flaw by manipulating parameters, resulting in unauthorized command execution. Notably, this issue affects products that are no longer supported, including the TEW-821DAP version 1.11B03 and earlier versions, making them susceptible to potential remote attacks. The vendor has indicated an inability to confirm these vulnerabilities for earlier versions, emphasizing the risks posed to end-users relying on unsupported devices.

Affected Version(s)

TEW-821DAP 1.11B03

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

IOT_Res (VulDB User)
VulDB CNA Team
.