CVE-2021-20149

Published: Dec 30, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default.

Affected (1)

Products: Trendnet: Tew 827dru Firmware

1 product

Tew 827dru Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendnet Tew 827dru Firmware	Version 2.08b01

Running on/with	Platform Versions
Trendnet Tew 827dru	Version 2.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.tenable.com/security/research/tra-2021-54

Source: vulnreport@tenable.com

Third Party Advisory

https://www.tenable.com/security/research/tra-2021-54

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.