| Titre | Trendnet TEW-821DAP v1.12B01 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| Description | During the firmware update process, there is firmware integrity verification vulnerability in function platform_do_upgrade_cameo_dev() of program cameo_dev.sh. Function platform_do_upgrade_cameo_dev() performs the firmware integrity verification through CRC32 which could be easily be bypassed. Once the hackers obtain the CRC32 value they could could craft a compromised firmware with the same CRC value as the new firmware to bypass the integrity verification. Then, the compromised firmware which could cause arbitrary code execution or denial of service can be written into the IoT device through the firmware update. |
|---|
| La source | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Inte.md |
|---|
| Utilisateur | IOT_Res (UID 81722) |
|---|
| Soumission | 16/04/2026 04:43 (il y a 2 mois) |
|---|
| Modérer | 01/05/2026 14:08 (15 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 360568 [TRENDnet TEW-821DAP jusqu’à 1.12B01 Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev authentification faible] |
|---|
| Points | 20 |
|---|