TRENDnet has received report of the command injection vulnerability and known vulnerabilities in the cgi interface with TEW-827DRU hardware version 2.xR Firmware 2.10.B01 and earlier. When exploited successfully, the attacker can have root access to the device. TRENDnet has released firmware update to address these vulnerabilities, please click on the link below to go to the product's download page. Or, you can login to the device's management (http://TEW-827DRU) and click on the new firmware available notification on the upper right hand side to perform the firmware upgrade.

TRENDnet is aware of the buffer overflow and command injection vulnerabilities involving the TEW-821DAP Version 2.0R AC1200 Wireless Access Point that could allow a malicious cyber attacker to take over the device and gain access to its operating system.

TEW-821DAP hardware version V2.xR, firmware version 3.01B02 and earlier
TEW-825DAP hardware version v1.xR, firmware version 2.02B01 and earlier
TEW-826DAP hardware version v1.xR, firmware version 2.00B08 and earlier
TEW-921DAP hardware version v1.xR, firmware version 2.13B02 and earlier

TRENDnet is aware of the command injection vulnerability and known vulnerabilities in CLI with TWG-431BR and TEW-740APBO hardware version 3.xR. To exploit these vulnerabilities, the attacker would need to know the device's management interface login user name and password. When exploited successfully, the attacker can compromise the device.

TRENDnet has released firmware updates to address these vulnerabilities

TRENDnet is aware of the possible buffer overflow vulnerabilities involving the TEW-820AP Wireless AC Easy-Upgrader that could allow a malicious cyber attacker to take over the device and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to verify or resolve these vulnerabilities.

TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.