OS Command Injection in TRENDnet TEW-821DAP Firmware Update
CVE-2026-15486

5.3MEDIUM

Key Information:

Vendor

Trendnet

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15486?

A remote exploitable OS command injection vulnerability has been identified in the firmware update handler of TRENDnet TEW-821DAP. This flaw allows attackers to manipulate function arguments related to hostname, username, or password, leading to unauthorized command execution on the device. It's important to note that this vulnerability impacts obsolete products for which vendor support has been discontinued, raising risks for users of these devices.

Affected Version(s)

TEW-821DAP 1.11B03

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

IOT_Res (VulDB User)
VulDB CNA Team
.