Command Injection Vulnerability in Trendnet AC2600 Router
CVE-2021-20160

8.8HIGH

Key Information:

Vendor: Trendnet
Status: Trendnet Ac2600 Tew-827dru
Vendor: CVE Published:; 30 December 2021

What is CVE-2021-20160?

The Trendnet AC2600 TEW-827DRU router is vulnerable to command injection through its SMB functionality. An attacker can exploit this vulnerability by manipulating the username parameter during configuration, potentially allowing unauthorized commands to be executed with root privileges. This issue highlights the importance of securing network devices against injection attacks to prevent unauthorized access and protect sensitive data.

Affected Version(s)

Trendnet AC2600 TEW-827DRU 2.08B01

References

https://www.tenable.com/security/research/tra-2021-54

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2021
Vulnerability Reserved
Dec 17, 2020