Cyber Resilience

CVE-2026-7608

LowPublic PoC

Published: 02 May 2026

Published
02 May 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score v4 2.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0157 81.9th percentile
Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7608 is a low-severity Command Injection (CWE-77) vulnerability in Trendnet Tew-821Dap Firmware. Its CVSS base score is 2.0 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A vulnerability has been identified in the TRENDnet TEW-821DAP wireless access point running firmware up to version 1.12B01. The issue resides in the tools_diagnostic function, where improper handling of input enables OS command injection, corresponding to CWE-77 and CWE-78. The flaw carries a low CVSS 4.0 score of 2.0, reflecting an attack vector limited to the local network with low-privilege access.

An attacker with local network access and valid credentials can supply crafted input to the affected function, resulting in execution of arbitrary operating system commands. This grants limited control over confidentiality, integrity, and availability on the device. The exploit code has been made public, though the vendor notes that the affected firmware applies only to hardware version v1.xR, a product line that reached end-of-life eight years ago and receives no further support.

Public references, including a detailed firmware analysis on GitHub and entries on Vuldb, confirm the command-injection vector but provide no vendor-supplied patches or workarounds. Because the device is explicitly unsupported, organizations still operating it must treat it as permanently unpatched.

The associated EPSS score remains flat at 0.0157 with no material increase since disclosure, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will…

more

only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

OS command injection in tools_diagnostic function of public-facing web management interface on network device directly enables exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

trendnet
tew-821dap firmware
1.12b01

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References