Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2021-54 | Mitigation Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
07 Jan 2022, 16:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
References | (MISC) https://www.tenable.com/security/research/tra-2021-54 - Mitigation, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:* cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:* |
30 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-30 22:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-20150
Mitre link : CVE-2021-20150
CVE.ORG link : CVE-2021-20150
JSON object : View
Products Affected
trendnet
- tew-827dru_firmware
- tew-827dru
CWE
CWE-306
Missing Authentication for Critical Function