Vulnerabilities > Trendnet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-30 | CVE-2021-20153 | Link Following vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. | 6.8 |
| 2021-12-30 | CVE-2021-20156 | Improper Verification of Cryptographic Signature vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. | 6.5 |
| 2021-12-30 | CVE-2021-20161 | Missing Authentication for Critical Function vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. | 6.8 |
| 2021-12-30 | CVE-2021-20162 | Cleartext Storage of Sensitive Information vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. | 4.9 |
| 2021-12-30 | CVE-2021-20163 | Insufficiently Protected Credentials vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. | 4.9 |
| 2021-12-30 | CVE-2021-20164 | Insufficiently Protected Credentials vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. | 4.9 |
| 2021-08-10 | CVE-2021-28846 | Use of Externally-Controlled Format String vulnerability in Trendnet products A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. | 6.5 |
| 2021-08-10 | CVE-2021-31655 | Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.64/1.2.2.65/1.2.2.68 Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. | 6.1 |
| 2021-06-17 | CVE-2021-32426 | Cross-site Scripting vulnerability in Trendnet Tw100-S4W1Ca Firmware 2.3.32 In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. | 6.1 |