Vulnerabilities > Trendnet > TEW 827Dru Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-12-30 CVE-2021-20159 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection.
network
low complexity
trendnet CWE-78
8.8
2021-12-30 CVE-2021-20160 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device.
network
low complexity
trendnet CWE-78
8.8
2021-12-30 CVE-2021-20161 Missing Authentication for Critical Function vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality.
low complexity
trendnet CWE-306
6.8
2021-12-30 CVE-2021-20162 Cleartext Storage of Sensitive Information vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext.
network
low complexity
trendnet CWE-312
4.9
2021-12-30 CVE-2021-20163 Insufficiently Protected Credentials vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page.
network
low complexity
trendnet CWE-522
4.9
2021-12-30 CVE-2021-20164 Insufficiently Protected Credentials vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device.
network
low complexity
trendnet CWE-522
4.9
2021-12-30 CVE-2021-20165 Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections.
network
low complexity
trendnet CWE-352
8.8
2020-06-15 CVE-2020-14076 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
8.8
2020-06-15 CVE-2020-14081 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.
network
low complexity
trendnet CWE-78
8.8
2020-06-15 CVE-2020-14080 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
critical
9.8