Submit #806218: Trendnet TEW-821DAP v1.12B01 CWE-327 Use of a Broken or Risky Cryptographic Algorithminfo

TitleTrendnet TEW-821DAP v1.12B01 CWE-327 Use of a Broken or Risky Cryptographic Algorithm
DescriptionDuring the firmware update process, there is firmware integrity verification vulnerability in function platform_do_upgrade_cameo_dev() of program cameo_dev.sh. Function platform_do_upgrade_cameo_dev() performs the firmware integrity verification through CRC32 which could be easily be bypassed. Once the hackers obtain the CRC32 value they could could craft a compromised firmware with the same CRC value as the new firmware to bypass the integrity verification. Then, the compromised firmware which could cause arbitrary code execution or denial of service can be written into the IoT device through the firmware update.
Source⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Inte.md
User
 IOT_Res (UID 81722)
Submission04/16/2026 04:43 (3 months ago)
Moderation05/01/2026 14:08 (15 days later)
StatusAccepted
VulDB entry360568 [TRENDnet TEW-821DAP up to 1.12B01 Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity]
Points20

Do you know our Splunk app?

Download it now for free!