PT-2021-13819 · Trendnet · Trendnet Ac2600 Tew-827Dru
Published
2021-12-30
·
Updated
2022-01-07
·
CVE-2021-20164
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Trendnet AC2600 TEW-827DRU version 2.08B01
Description:
The issue concerns the improper disclosure of credentials for the smb functionality of the device. Specifically, usernames and passwords for all smb users are revealed in plaintext on the "smbserver.asp" page.
Recommendations:
For Trendnet AC2600 TEW-827DRU version 2.08B01, consider restricting access to the smbserver.asp page until a fix is available to prevent unauthorized disclosure of smb user credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendnet Ac2600 Tew-827Dru