CVE-2021-20165

Name of the Vulnerable Software and Affected Versions: Trendnet AC2600 TEW-827DRU version 2.08B01

Description: The issue is related to the improper implementation of CSRF protections. Most pages lack proper usage of CSRF protections or mitigations. For pages that do use CSRF tokens, these tokens are trivially bypassable because the server does not validate them properly. This means an attacker could re-use an old token or find the token through some other method.

Recommendations: For Trendnet AC2600 TEW-827DRU version 2.08B01, consider disabling access to pages that lack proper CSRF protections or mitigations until a patch is available. Restrict the use of pages that utilize CSRF tokens to minimize the risk of exploitation, as these tokens can be bypassed. At the moment, there is no information about a newer version that contains a fix for this issue.