Details of VAR-202112-2057

ID

VAR-202112-2057

CVE

CVE-2021-20160

TITLE

Trendnet AC2600 TEW-827DRU In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017223

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root. Trendnet AC2600 TEW-827DRU for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Trendnet AC2600 TEW-827DRU is a wireless router. The Trendnet AC2600 TEW-827DRU has a security vulnerability that can be exploited by attackers to perform command injection attacks as root

Trust: 2.25

sources: NVD: CVE-2021-20160 // JVNDB: JVNDB-2021-017223 // CNVD: CNVD-2022-03200 // VULMON: CVE-2021-20160

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03200

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	2.08b01	Trust: 1.0
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	-	Trust: 0.8
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	tew-827dru firmware 2.08b01	Trust: 0.8
vendor:	trendnet	model:	ac2600 tew-827dru 2.08b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-03200 // JVNDB: JVNDB-2021-017223 // NVD: CVE-2021-20160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20160
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20160
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-03200
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-2803
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-20160
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-20160
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03200
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20160
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20160
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03200 // VULMON: CVE-2021-20160 // JVNDB: JVNDB-2021-017223 // CNNVD: CNNVD-202112-2803 // NVD: CVE-2021-20160

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017223 // NVD: CVE-2021-20160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2803

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2803

PATCH

title:	Top Page	url:	https://www.trendnet.com/	Trust: 0.8
title:	Patch for Trendnet AC2600 TEW-827DRU Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313381	Trust: 0.6
title:	Trendnet AC2600 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176851	Trust: 0.6

sources: CNVD: CNVD-2022-03200 // JVNDB: JVNDB-2021-017223 // CNNVD: CNNVD-202112-2803

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20160	Trust: 3.9
db:	TENABLE	id:	TRA-2021-54	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-017223	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03200	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2803	Trust: 0.6
db:	VULMON	id:	CVE-2021-20160	Trust: 0.1

sources: CNVD: CNVD-2022-03200 // VULMON: CVE-2021-20160 // JVNDB: JVNDB-2021-017223 // CNNVD: CNNVD-202112-2803 // NVD: CVE-2021-20160

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-54	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20160	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-03200 // VULMON: CVE-2021-20160 // JVNDB: JVNDB-2021-017223 // CNNVD: CNNVD-202112-2803 // NVD: CVE-2021-20160

SOURCES

db:	CNVD	id:	CNVD-2022-03200
db:	VULMON	id:	CVE-2021-20160
db:	JVNDB	id:	JVNDB-2021-017223
db:	CNNVD	id:	CNNVD-202112-2803
db:	NVD	id:	CVE-2021-20160

LAST UPDATE DATE

2024-08-14T13:22:58.865000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03200	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20160	date:	2022-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-017223	date:	2023-01-10T07:01:00
db:	CNNVD	id:	CNNVD-202112-2803	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-20160	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03200	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20160	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017223	date:	2023-01-10T00:00:00
db:	CNNVD	id:	CNNVD-202112-2803	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20160	date:	2021-12-30T22:15:09.113