Symlink Vulnerability in Trendnet AC2600 Router
CVE-2021-20153

6.8MEDIUM

Key Information:

Vendor: Trendnet
Status: Trendnet Ac2600 Tew-827dru
Vendor: CVE Published:; 30 December 2021

What is CVE-2021-20153?

The Trendnet AC2600 TEW-827DRU router version 2.08B01 contains a symlink vulnerability within its bittorrent functionality. When this feature is enabled, an attacker can exploit this vulnerability by utilizing a maliciously crafted flash drive. If inserted into the router, the device can be tricked into downloading files to arbitrary locations on its filesystem, including sensitive directories like 'config', 'downloads', and 'torrents'. This exposure can potentially allow remote code execution, particularly through the 'downloads' directory where arbitrary files can be redirected.

Affected Version(s)

Trendnet AC2600 TEW-827DRU 2.08B01

References

https://www.tenable.com/security/research/tra-2021-54

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2021
Vulnerability Reserved
Dec 17, 2020