Command Injection Vulnerability in TRENDnet TEW-821DAP Firmware
CVE-2026-15487
5.3MEDIUM
What is CVE-2026-15487?
A security vulnerability exists in the firmware update handler of the TRENDnet TEW-821DAP, primarily affecting the function sub_41FBD0 within the /goform/system_ntp file. This flaw allows for remote attackers to exploit improper handling of the Hostname argument, leading to OS command injection. As the affected products, including TEW-821DAP versions that are no longer supported, fall outside regular maintenance, the potential risks from this vulnerability should not be overlooked.
Affected Version(s)
TEW-821DAP 1.11B03
