Command Injection Vulnerability in TRENDnet TEW-821DAP Firmware
CVE-2026-15487

5.3MEDIUM

Key Information:

Vendor

Trendnet

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15487?

A security vulnerability exists in the firmware update handler of the TRENDnet TEW-821DAP, primarily affecting the function sub_41FBD0 within the /goform/system_ntp file. This flaw allows for remote attackers to exploit improper handling of the Hostname argument, leading to OS command injection. As the affected products, including TEW-821DAP versions that are no longer supported, fall outside regular maintenance, the potential risks from this vulnerability should not be overlooked.

Affected Version(s)

TEW-821DAP 1.11B03

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

IOT_Res (VulDB User)
VulDB CNA Team
.