PT-2021-13815 · Trendnet · Trendnet Ac2600 Tew-827Dru

Jimi Sebree

Published

2021-12-30

Updated

2022-07-12

CVE-2021-20160

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Trendnet AC2600 TEW-827DRU version 2.08B01

Description: The device contains a command injection issue in the smb functionality. The username parameter used when configuring smb functionality is vulnerable to command injection as root.

Recommendations: For Trendnet AC2600 TEW-827DRU version 2.08B01, consider disabling the smb functionality until a patch is available to prevent command injection attacks. Restrict access to the smb configuration to minimize the risk of exploitation. Avoid using the username parameter in the affected smb functionality until the issue is resolved.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-20160

Affected Products

Trendnet Ac2600 Tew-827Dru

PT-2021-13815 · Trendnet · Trendnet Ac2600 Tew-827Dru

CVE-2021-20160

Weakness Enumeration

Related Identifiers

Affected Products

References · 5