Vulnerabilities > CVE-2021-20149 - Incorrect Authorization vulnerability in Trendnet Tew-827Dru Firmware 2.08B01

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

trendnet

CWE-863

NVD

Published: 2021-12-30

Updated: 2022-01-07

Summary

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default.

Vulnerable Configurations

Part	Description	Count
OS	Trendnet Trendnet TEW 827Dru Firmware 2.08B01	1
Hardware	Trendnet Trendnet TEW 827Dru 2.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.tenable.com/security/research/tra-2021-54