PT-2021-13807 · Trendnet · Trendnet Ac2600 Tew-827Dru

Published

2021-12-30

Updated

2022-01-07

CVE-2021-20152

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Trendnet AC2600 TEW-827DRU version 2.08B01

Description: The issue is related to a lack of proper authentication in the bittorrent functionality. If this functionality is enabled, it allows anyone to visit and modify settings and files via the Bittorent web client by accessing the "http://192.168.10.1:9091/transmission/web/" endpoint.

Recommendations: For Trendnet AC2600 TEW-827DRU version 2.08B01, consider disabling the bittorrent functionality until a patch is available to prevent unauthorized access and modifications. Restrict access to the Bittorent web client to minimize the risk of exploitation. Avoid using the Bittorent web client until the issue is resolved.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-20152

Affected Products

Trendnet Ac2600 Tew-827Dru

PT-2021-13807 · Trendnet · Trendnet Ac2600 Tew-827Dru

CVE-2021-20152

Weakness Enumeration

Related Identifiers

Affected Products

References · 5