Cyber Resilience

CVE-2026-7609

LowPublic PoC

Published: 02 May 2026

Published
02 May 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0412 89.5th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-7609 is a low-severity Command Injection (CWE-77) vulnerability in Trendnet Tew-821Dap Firmware. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A flaw has been identified in the TRENDnet TEW-821DAP wireless access point running firmware up to version 1.12B01. The issue resides in the tools_diagnostic function within the /tmp/diagnostic component of the firmware update mechanism and stems from improper handling of input that permits operating system command injection, tracked under CWE-77 and CWE-78. The vulnerability received a CVSS 4.0 score of 2.1 and is exploitable remotely.

An authenticated attacker with network access can supply crafted input to the affected function and execute arbitrary commands on the device, resulting in limited impacts to confidentiality, integrity, and availability. Public exploit code has been released, although the CVSS vector indicates the attack requires a low-privileged account and does not need user interaction.

The vendor has stated that firmware version 1.12B01 applies only to hardware revision v1.xR, a product line that reached end-of-life eight years ago and is no longer supported or sold. No patches or mitigations are provided for this unsupported hardware.

EPSS scores remain low, with a recorded peak of 0.0106 and a current value of 0.0043.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible.…

more

The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Remote OS command injection (CWE-78) in publicly exposed firmware diagnostic/update function enables direct exploitation of the network device (T1190) and arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7607Same product: Trendnet Tew-821Dap
CVE-2026-5354Same vendor: Trendnet
CVE-2025-15471Same vendor: Trendnet
CVE-2026-5352Same vendor: Trendnet
CVE-2025-15472Same vendor: Trendnet
CVE-2024-46484Same vendor: Trendnet
CVE-2024-57590Same vendor: Trendnet
CVE-2026-5355Same vendor: Trendnet
CVE-2026-5351Same vendor: Trendnet
CVE-2026-5353Same vendor: Trendnet

Affected Assets

trendnet
tew-821dap firmware
1.12b01

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References