TRENDnet TEW-821DAP Firmware Update Authentication Bypass Vulnerability Allowing Arbitrary Code Execution

An authentication vulnerability has been identified in the TRENDnet TEW-821DAP access point, specifically in firmware version 1.12B01. The issue arises in the Firmware Update Handler component, within the functions find_hwid and new_gui_update_firmware. This vulnerability allows for insufficient verification of data authenticity during the firmware update process. The flaw can be exploited remotely, although the complexity of the attack is considered high. The vulnerability stems from hard-coded verification information used for authenticating firmware updates. Attackers could potentially bypass this authentication and upload malicious firmware, leading to arbitrary code execution or a denial-of-service condition by causing the device to become unresponsive.

Impact

Exploitation of this vulnerability could result in unauthorized firmware updates, allowing for arbitrary code execution on the device or causing a denial-of-service by disrupting normal operation.