PT-2021-13805 · Trendnet · Trendnet Ac2600 Tew-827Dru

Published

2021-12-30

Updated

2022-07-12

CVE-2021-20150

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Trendnet AC2600 TEW-827DRU version 2.08B01

Description: The issue allows information disclosure via redirection from the setup wizard. An attacker can bypass authentication and view information as an administrator by manually browsing to the setup wizard and forcing it to redirect to the desired page.

Recommendations: For Trendnet AC2600 TEW-827DRU version 2.08B01, consider restricting access to the setup wizard to prevent unauthorized redirection and information disclosure. As a temporary workaround, limit manual browsing to the setup wizard to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-20150

Affected Products

Trendnet Ac2600 Tew-827Dru

PT-2021-13805 · Trendnet · Trendnet Ac2600 Tew-827Dru

CVE-2021-20150

Weakness Enumeration

Related Identifiers

Affected Products

References · 4