Details of VAR-202112-2053

ID

VAR-202112-2053

CVE

CVE-2021-20164

TITLE

Trendnet AC2600 TEW-827DRU Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017219

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. Trendnet AC2600 TEW-827DRU There are vulnerabilities in inadequate protection of credentials.Information may be obtained. Trendnet AC2600 TEW-827DRU is a wireless router. An information disclosure vulnerability exists in the Trendnet AC2600 TEW-827DRU that stems from failing to properly disclose credentials for the device's smb capabilities. An attacker can exploit the vulnerability to display the username and password of all mb users in clear text on the mbserver.asp page

Trust: 2.25

sources: NVD: CVE-2021-20164 // JVNDB: JVNDB-2021-017219 // CNVD: CNVD-2022-03204 // VULMON: CVE-2021-20164

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03204

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	2.08b01	Trust: 1.0
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	-	Trust: 0.8
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	tew-827dru firmware 2.08b01	Trust: 0.8
vendor:	trendnet	model:	ac2600 tew-827dru 2.08b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-03204 // JVNDB: JVNDB-2021-017219 // NVD: CVE-2021-20164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20164
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20164
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-03204
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202112-2810
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-20164
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20164
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03204
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20164
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20164
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03204 // VULMON: CVE-2021-20164 // JVNDB: JVNDB-2021-017219 // CNNVD: CNNVD-202112-2810 // NVD: CVE-2021-20164

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017219 // NVD: CVE-2021-20164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2810

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202112-2810

PATCH

title:	Top Page	url:	https://www.trendnet.com/	Trust: 0.8
title:	Patch for Trendnet AC2600 TEW-827DRU Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313361	Trust: 0.6
title:	Trendnet AC2600 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176858	Trust: 0.6

sources: CNVD: CNVD-2022-03204 // JVNDB: JVNDB-2021-017219 // CNNVD: CNNVD-202112-2810

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20164	Trust: 3.9
db:	TENABLE	id:	TRA-2021-54	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-017219	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03204	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2810	Trust: 0.6
db:	VULMON	id:	CVE-2021-20164	Trust: 0.1

sources: CNVD: CNVD-2022-03204 // VULMON: CVE-2021-20164 // JVNDB: JVNDB-2021-017219 // CNNVD: CNNVD-202112-2810 // NVD: CVE-2021-20164

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-54	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20164	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-03204 // VULMON: CVE-2021-20164 // JVNDB: JVNDB-2021-017219 // CNNVD: CNNVD-202112-2810 // NVD: CVE-2021-20164

SOURCES

db:	CNVD	id:	CNVD-2022-03204
db:	VULMON	id:	CVE-2021-20164
db:	JVNDB	id:	JVNDB-2021-017219
db:	CNNVD	id:	CNNVD-202112-2810
db:	NVD	id:	CVE-2021-20164

LAST UPDATE DATE

2024-08-14T13:22:58.392000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03204	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20164	date:	2022-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-017219	date:	2023-01-10T06:46:00
db:	CNNVD	id:	CNNVD-202112-2810	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-20164	date:	2022-01-07T17:40:31.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03204	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20164	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017219	date:	2023-01-10T00:00:00
db:	CNNVD	id:	CNNVD-202112-2810	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20164	date:	2021-12-30T22:15:09.317