PT-2021-13809 · Trendnet · Trendnet Ac2600 Tew-827Dru

Published

2021-12-30

Updated

2022-01-07

CVE-2021-20154

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Trendnet AC2600 TEW-827DRU version 2.08B01

Description: The device contains a security flaw in its web interface, specifically that HTTPS is not enabled by default. This results in the cleartext transmission of sensitive information, such as passwords.

Recommendations: For version 2.08B01, enable HTTPS on the device to prevent the cleartext transmission of sensitive information. As a temporary workaround, consider restricting access to the web interface until HTTPS can be enabled.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2021-20154

Affected Products

Trendnet Ac2600 Tew-827Dru

PT-2021-13809 · Trendnet · Trendnet Ac2600 Tew-827Dru

CVE-2021-20154

Weakness Enumeration

Related Identifiers

Affected Products

References · 3