Details of VAR-202112-2052

ID

VAR-202112-2052

CVE

CVE-2021-20165

TITLE

Trendnet AC2600 TEW-827DRU Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017218

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). Trendnet AC2600 TEW-827DRU Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Trendnet AC2600 TEW-827DRU is a wireless router. There is a security vulnerability in Trendnet AC2600 TEW-827DRU. There is currently no detailed vulnerability details provided

Trust: 2.25

sources: NVD: CVE-2021-20165 // JVNDB: JVNDB-2021-017218 // CNVD: CNVD-2022-03199 // VULMON: CVE-2021-20165

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03199

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	2.08b01	Trust: 1.0
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	-	Trust: 0.8
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	tew-827dru firmware 2.08b01	Trust: 0.8
vendor:	trendnet	model:	ac2600 tew-827dru 2.08b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-03199 // JVNDB: JVNDB-2021-017218 // NVD: CVE-2021-20165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20165
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20165
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-03199
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202112-2802
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-20165
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20165
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03199
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20165
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20165
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03199 // VULMON: CVE-2021-20165 // JVNDB: JVNDB-2021-017218 // CNNVD: CNNVD-202112-2802 // NVD: CVE-2021-20165

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site request forgery (CWE-352) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017218 // NVD: CVE-2021-20165

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2802

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202112-2802

PATCH

title:	Top Page	url:	https://www.trendnet.com/	Trust: 0.8
title:	Patch for Trendnet AC2600 TEW-827DRU Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313386	Trust: 0.6
title:	Trendnet AC2600 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176850	Trust: 0.6

sources: CNVD: CNVD-2022-03199 // JVNDB: JVNDB-2021-017218 // CNNVD: CNNVD-202112-2802

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20165	Trust: 3.9
db:	TENABLE	id:	TRA-2021-54	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-017218	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03199	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2802	Trust: 0.6
db:	VULMON	id:	CVE-2021-20165	Trust: 0.1

sources: CNVD: CNVD-2022-03199 // VULMON: CVE-2021-20165 // JVNDB: JVNDB-2021-017218 // CNNVD: CNNVD-202112-2802 // NVD: CVE-2021-20165

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-54	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20165	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-03199 // VULMON: CVE-2021-20165 // JVNDB: JVNDB-2021-017218 // CNNVD: CNNVD-202112-2802 // NVD: CVE-2021-20165

SOURCES

db:	CNVD	id:	CNVD-2022-03199
db:	VULMON	id:	CVE-2021-20165
db:	JVNDB	id:	JVNDB-2021-017218
db:	CNNVD	id:	CNNVD-202112-2802
db:	NVD	id:	CVE-2021-20165

LAST UPDATE DATE

2024-08-14T13:22:58.211000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03199	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20165	date:	2022-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-017218	date:	2023-01-10T06:42:00
db:	CNNVD	id:	CNNVD-202112-2802	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-20165	date:	2022-01-07T17:41:32.827

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03199	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20165	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017218	date:	2023-01-10T00:00:00
db:	CNNVD	id:	CNNVD-202112-2802	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20165	date:	2021-12-30T22:15:09.363