CVE-2026-15487
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-77
Neutralización incorrecta de elementos especiales usados en un comando (Inyección de comando)
Fecha de publicación:
12/07/2026
Última modificación:
12/07/2026
Descripción
*** Pendiente de traducción *** A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Puntuación base 3.x
6.30
Gravedad 3.x
MEDIA
Puntuación base 2.0
6.50
Gravedad 2.0
MEDIA



