Security Flaw in Trendnet AC2600 TEW-827DRU Due to Unsecured Web Interface
CVE-2021-20154

7.5HIGH

Key Information:

Vendor: Trendnet
Status: Trendnet Ac2600 Tew-827dru
Vendor: CVE Published:; 30 December 2021

What is CVE-2021-20154?

The Trendnet AC2600 TEW-827DRU version 2.08B01 has a security issue in its web interface where HTTPS is not enabled by default. This oversight exposes sensitive data, such as user passwords, to potential interception as it is transmitted in cleartext. Users of this device should be aware of these vulnerabilities and take appropriate measures to secure their network.

Affected Version(s)

Trendnet AC2600 TEW-827DRU 2.08B01

References

https://www.tenable.com/security/research/tra-2021-54

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2021
Vulnerability Reserved
Dec 17, 2020