ID

VAR-202112-2064


CVE

CVE-2021-20153


TITLE

Link interpretation vulnerability in Trendnet AC2600 TEW-827DRU

Trust: 0.8

sources: JVNDB: JVNDB-2021-017249

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the device's filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations. Trendnet AC2600 TEW-827DRU contains a link interpretation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Trendnet AC2600 TEW-827DRU is a wireless router.

Trust: 2.25

sources: NVD: CVE-2021-20153 // JVNDB: JVNDB-2021-017249 // CNVD: CNVD-2022-03194 // VULMON: CVE-2021-20153

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-03194

AFFECTED PRODUCTS

vendor: trendnet, model: tew-827dru, scope: eq, version: 2.08b01

Trust: 1.0

vendor: trendnet, model: tew-827dru, scope: eq, version: tew-827dru firmware 2.08b01

Trust: 0.8

vendor: trendnet, model: tew-827dru, scope: eq, version: -

Trust: 0.8

vendor: trendnet, model: ac2600 tew-827dru 2.08b01, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-03194 // JVNDB: JVNDB-2021-017249 // NVD: CVE-2021-20153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20153
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-20153
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-03194
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202112-2797
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-20153
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-20153
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-03194
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-20153
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20153
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-03194 // VULMON: CVE-2021-20153 // JVNDB: JVNDB-2021-017249 // CNNVD: CNNVD-202112-2797 // NVD: CVE-2021-20153

PROBLEMTYPE DATA

problemtype: CWE-59

Trust: 1.0

problemtype: Link interpretation problem (CWE-59) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017249 // NVD: CVE-2021-20153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2797

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202112-2797

PATCH

title: Top Page, url: https://www.trendnet.com/

Trust: 0.8

title: Patch for Trendnet AC2600 TEW-827DRU Post Link Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/313416

Trust: 0.6

title: Trendnet AC2600 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177165

Trust: 0.6

sources: CNVD: CNVD-2022-03194 // JVNDB: JVNDB-2021-017249 // CNNVD: CNNVD-202112-2797

EXTERNAL IDS

db: NVD, id: CVE-2021-20153

Trust: 3.9

db: TENABLE, id: TRA-2021-54

Trust: 3.1

db: JVNDB, id: JVNDB-2021-017249

Trust: 0.8

db: CNVD, id: CNVD-2022-03194

Trust: 0.6

db: CNNVD, id: CNNVD-202112-2797

Trust: 0.6

db: VULMON, id: CVE-2021-20153

Trust: 0.1

sources: CNVD: CNVD-2022-03194 // VULMON: CVE-2021-20153 // JVNDB: JVNDB-2021-017249 // CNNVD: CNNVD-202112-2797 // NVD: CVE-2021-20153

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-54

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20153

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/59.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-03194 // VULMON: CVE-2021-20153 // JVNDB: JVNDB-2021-017249 // CNNVD: CNNVD-202112-2797 // NVD: CVE-2021-20153

SOURCES

db: CNVD, id: CNVD-2022-03194
db: VULMON, id: CVE-2021-20153
db: JVNDB, id: JVNDB-2021-017249
db: CNNVD, id: CNNVD-202112-2797
db: NVD, id: CVE-2021-20153

LAST UPDATE DATE

2024-08-14T13:22:58.336000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-03194, date: 2022-01-13T00:00:00
db: VULMON, id: CVE-2021-20153, date: 2022-01-07T00:00:00
db: JVNDB, id: JVNDB-2021-017249, date: 2023-01-12T04:36:00
db: CNNVD, id: CNNVD-202112-2797, date: 2022-01-10T00:00:00
db: NVD, id: CVE-2021-20153, date: 2022-01-07T16:27:36.187

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-03194, date: 2022-01-13T00:00:00
db: VULMON, id: CVE-2021-20153, date: 2021-12-30T00:00:00
db: JVNDB, id: JVNDB-2021-017249, date: 2023-01-12T00:00:00
db: CNNVD, id: CNNVD-202112-2797, date: 2021-12-30T00:00:00
db: NVD, id: CVE-2021-20153, date: 2021-12-30T22:15:08.753