CVE-2026-7608
Published: 02 May 2026
Summary
CVE-2026-7608 is a low-severity Command Injection (CWE-77) vulnerability in TRENDnet TEW-821DAP firmware. Its CVSS base score is 2.0 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 18.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
A vulnerability has been identified in the TRENDnet TEW-821DAP wireless access point running firmware up to version 1.12B01. The issue resides in the tools_diagnostic function, where improper handling of input enables OS command injection, corresponding to CWE-77 and CWE-78. The flaw carries a low CVSS 4.0 score of 2.0, reflecting an attack vector limited to the local network with low-privilege access.
An attacker with local network access and valid credentials can supply crafted input to the affected function, resulting in execution of arbitrary operating system commands. This grants limited control over confidentiality, integrity, and availability on the device. The exploit code has been made public, though the vendor notes that the affected firmware applies only to hardware version v1.xR, a product line that reached end-of-life eight years ago and receives no further support.
Public references, including a detailed firmware analysis on GitHub and entries on Vuldb, confirm the command-injection vector but provide no vendor-supplied patches or workarounds. Because the device is explicitly unsupported, organizations still operating it must treat it as permanently unpatched.
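Since no vendor fix exists, the pattern below shows what a corrected handler for this class of bug looks like in firmware code. It is an added example, not the TEW-821DAP code, and it assumes the diagnostic function takes a user-supplied target host: the value is allowlisted and ping is invoked through execv() with a fixed argv rather than a shell command string, which removes the input path behind CWE-77/78.

```c
/* Added example (not TEW-821DAP firmware code): a hardened diagnostic "ping"
 * handler. Assumption: the diagnostic function receives a user-supplied host.
 * Two defences: (1) strict allowlist validation of the target, and
 * (2) running the tool via execv() with a fixed argv, never through a shell. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only an IPv4 dotted quad or an RFC 1123-style hostname: labels of
 * [A-Za-z0-9-], no leading/trailing '-', joined by '.', at most 253 bytes.
 * Shell metacharacters (';', '|', '`', '$', spaces, ...) are rejected simply
 * by not being in the allowlist; rejecting a leading '-' also stops the value
 * from being parsed as a ping option. Returns 1 if valid, 0 otherwise. */
int is_valid_diag_target(const char *host) {
    size_t len = strlen(host);
    if (len == 0 || len > 253) return 0;
    size_t label_len = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (label_len == 0 || host[i - 1] == '-') return 0; /* empty label or trailing '-' */
            label_len = 0;
        } else if (isalnum(c) || c == '-') {
            if (label_len == 0 && c == '-') return 0;           /* label starting with '-' */
            if (++label_len > 63) return 0;
        } else {
            return 0;                                           /* any other byte */
        }
    }
    return label_len > 0 && host[len - 1] != '-';               /* no trailing '.' or '-' */
}

/* Run ping without a shell: argv is fixed and host is a single argument, so
 * the value can never become a second command. Returns the child's exit
 * status, or -1 if validation or fork() fails. */
int run_diag_ping(const char *host) {
    if (!is_valid_diag_target(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "3", (char *)host, NULL };
        execv("/bin/ping", argv); /* assumed path to ping on the device */
        _exit(127);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```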
The associated EPSS score remains flat at 0.0157 with no material increase since disclosure, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26767
Vulnerability details
A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s): CWE-77 (Command Injection), CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in the tools_diagnostic function of the device's web management interface directly enables exploitation of a public-facing application (T1190).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.