Details of VAR-202112-2063

ID

VAR-202112-2063

CVE

CVE-2021-20154

TITLE

Trendnet AC2600 TEW-827DRU Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017229

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. Trendnet AC2600 TEW-827DRU is a wireless router

Trust: 2.25

sources: NVD: CVE-2021-20154 // JVNDB: JVNDB-2021-017229 // CNVD: CNVD-2022-03193 // VULMON: CVE-2021-20154

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03193

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	2.08b01	Trust: 1.0
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	-	Trust: 0.8
vendor:	trendnet	model:	tew-827dru	scope:	eq	version:	tew-827dru firmware 2.08b01	Trust: 0.8
vendor:	trendnet	model:	ac2600 tew-827dru 2.08b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-03193 // JVNDB: JVNDB-2021-017229 // NVD: CVE-2021-20154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20154
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20154
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-03193
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202112-2796
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-20154
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20154
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03193
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20154
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20154
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-03193 // VULMON: CVE-2021-20154 // JVNDB: JVNDB-2021-017229 // CNNVD: CNNVD-202112-2796 // NVD: CVE-2021-20154

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.0
problemtype:	Sending important information in clear text (CWE-319) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017229 // NVD: CVE-2021-20154

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2796

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2796

PATCH

title:	Top Page	url:	https://www.trendnet.com/	Trust: 0.8
title:	Trendnet AC2600 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176571	Trust: 0.6

sources: JVNDB: JVNDB-2021-017229 // CNNVD: CNNVD-202112-2796

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20154	Trust: 3.9
db:	TENABLE	id:	TRA-2021-54	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-017229	Trust: 0.8
db:	CNVD	id:	CNVD-2022-03193	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2796	Trust: 0.6
db:	VULMON	id:	CVE-2021-20154	Trust: 0.1

sources: CNVD: CNVD-2022-03193 // VULMON: CVE-2021-20154 // JVNDB: JVNDB-2021-017229 // CNNVD: CNNVD-202112-2796 // NVD: CVE-2021-20154

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-54	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20154	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/319.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-03193 // VULMON: CVE-2021-20154 // JVNDB: JVNDB-2021-017229 // CNNVD: CNNVD-202112-2796 // NVD: CVE-2021-20154

SOURCES

db:	CNVD	id:	CNVD-2022-03193
db:	VULMON	id:	CVE-2021-20154
db:	JVNDB	id:	JVNDB-2021-017229
db:	CNNVD	id:	CNNVD-202112-2796
db:	NVD	id:	CVE-2021-20154

LAST UPDATE DATE

2024-08-14T13:22:58.800000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03193	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20154	date:	2022-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-017229	date:	2023-01-10T07:24:00
db:	CNNVD	id:	CNNVD-202112-2796	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-20154	date:	2022-01-07T16:29:28.360

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03193	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-20154	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017229	date:	2023-01-10T00:00:00
db:	CNNVD	id:	CNNVD-202112-2796	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20154	date:	2021-12-30T22:15:08.800