CVE-2026-7609
Published: 02 May 2026
Summary
CVE-2026-7609 is a low-severity Command Injection (CWE-77) vulnerability in Trendnet Tew-821Dap Firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A flaw has been identified in the TRENDnet TEW-821DAP wireless access point running firmware up to version 1.12B01. The issue resides in the tools_diagnostic function within the /tmp/diagnostic component of the firmware update mechanism and stems from improper handling of input that permits operating system command injection, tracked under CWE-77 and CWE-78. The vulnerability received a CVSS 4.0 score of 2.1 and is exploitable remotely.
An authenticated attacker with network access can supply crafted input to the affected function and execute arbitrary commands on the device, resulting in limited impacts to confidentiality, integrity, and availability. Public exploit code has been released, although the CVSS vector indicates the attack requires a low-privileged account and does not need user interaction.
The vendor has stated that firmware version 1.12B01 applies only to hardware revision v1.xR, a product line that reached end-of-life eight years ago and is no longer supported or sold. No patches or mitigations are provided for this unsupported hardware.
EPSS scores remain low, with a recorded peak of 0.0106 and a current value of 0.0043.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26773
Vulnerability details
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible.…
more
The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote OS command injection (CWE-78) in publicly exposed firmware diagnostic/update function enables direct exploitation of the network device (T1190) and arbitrary Unix shell command execution (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.