Vulnerabilities > Trendnet > TEW 827Dru Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-30 | CVE-2021-20158 | Missing Authentication for Critical Function vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. | 9.8 |
| 2021-12-30 | CVE-2021-20155 | Use of Hard-coded Credentials vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. | 9.8 |
| 2021-12-30 | CVE-2021-20151 | Session Fixation vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. | 10.0 |
| 2021-12-30 | CVE-2021-20149 | Incorrect Authorization vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. | 9.8 |
| 2020-06-15 | CVE-2020-14080 | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 9.8 |
| 2019-07-10 | CVE-2019-13276 | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. | 9.8 |
| 2019-07-10 | CVE-2019-13278 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. | 9.8 |
| 2019-07-10 | CVE-2019-13279 | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. | 9.8 |