TRENDnet TEW-821DAP Firmware Update Vulnerability Leading to Cleartext Transmission of Sensitive Information

A vulnerability exists in the TRENDnet TEW-821DAP access point, specifically in firmware version 1.12B01. The issue arises in the firmware update process, where the device uses a hard-coded URL for downloading firmware via HTTP, rather than a secure HTTPS connection. This flaw exposes the download to potential man-in-the-middle attacks, allowing attackers to intercept the firmware URL and possibly redirect it to a malicious site or modify the firmware before it is installed. The vulnerability enables remote exploitation, but is considered to have high complexity and difficult exploitability.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of firmware update URLs, allowing for firmware modification attacks or redirection to malicious URLs. Such actions could result in arbitrary code execution or a denial-of-service condition on the device.