Details of VAR-202112-2061

ID

VAR-202112-2061

CVE

CVE-2021-20156

TITLE

Trendnet AC2600 TEW-827DRU Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017227

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated "check for updates" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate. Trendnet AC2600 TEW-827DRU Exists in a digital signature verification vulnerability.Information may be tampered with. Trendnet AC2600 TEW-827DRU is a wireless router. Trendnet AC2600 TEW-827DRU version 2.08B01 has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2021-20156 // JVNDB: JVNDB-2021-017227 // CNVD: CNVD-2022-03195 // VULMON: CVE-2021-20156

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03195

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	2.08b01	Trust: 1.0
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	-	Trust: 0.8
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	tew-827dru firmware 2.08b01	Trust: 0.8
vendor:	trendnet	model:	ac2600 tew-827dru 2.08b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-03195 // JVNDB: JVNDB-2021-017227 // NVD: CVE-2021-20156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20156
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20156
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-03195
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202112-2798
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-20156
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20156
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03195
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20156
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20156
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03195 // VULMON: CVE-2021-20156 // JVNDB: JVNDB-2021-017227 // CNNVD: CNNVD-202112-2798 // NVD: CVE-2021-20156

PROBLEMTYPE DATA

problemtype:	CWE-347	Trust: 1.0
problemtype:	Improper verification of digital signatures (CWE-347) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017227 // NVD: CVE-2021-20156

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2798

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202112-2798

PATCH

title:	Top Page	url:	https://www.trendnet.com/	Trust: 0.8
title:	Patch for Trendnet AC2600 TEW-827DRU Data Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313406	Trust: 0.6
title:	Trendnet AC2600 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176573	Trust: 0.6

sources: CNVD: CNVD-2022-03195 // JVNDB: JVNDB-2021-017227 // CNNVD: CNNVD-202112-2798

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20156	Trust: 3.9
db:	TENABLE	id:	TRA-2021-54	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-017227	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03195	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2798	Trust: 0.6
db:	VULMON	id:	CVE-2021-20156	Trust: 0.1

sources: CNVD: CNVD-2022-03195 // VULMON: CVE-2021-20156 // JVNDB: JVNDB-2021-017227 // CNNVD: CNNVD-202112-2798 // NVD: CVE-2021-20156

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-54	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20156	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/347.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-03195 // VULMON: CVE-2021-20156 // JVNDB: JVNDB-2021-017227 // CNNVD: CNNVD-202112-2798 // NVD: CVE-2021-20156

SOURCES

db:	CNVD	id:	CNVD-2022-03195
db:	VULMON	id:	CVE-2021-20156
db:	JVNDB	id:	JVNDB-2021-017227
db:	CNNVD	id:	CNNVD-202112-2798
db:	NVD	id:	CVE-2021-20156

LAST UPDATE DATE

2024-08-14T13:22:58.928000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03195	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20156	date:	2022-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-017227	date:	2023-01-10T07:18:00
db:	CNNVD	id:	CNNVD-202112-2798	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-20156	date:	2022-01-07T17:33:54.700

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03195	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20156	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017227	date:	2023-01-10T00:00:00
db:	CNNVD	id:	CNNVD-202112-2798	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20156	date:	2021-12-30T22:15:08.893