ID

VAR-202112-2066


CVE

CVE-2021-20151


TITLE

Session fixation vulnerability in Trendnet AC2600 TEW-827DRU

Trust: 0.8

sources: JVNDB: JVNDB-2021-017247

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over the original IP address of the original user's session. Trendnet AC2600 TEW-827DRU contains a session fixation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-20151 // JVNDB: JVNDB-2021-017247 // VULMON: CVE-2021-20151

AFFECTED PRODUCTS

vendor: trendnet, model: tew-827dru, scope: eq, version: 2.08b01

Trust: 1.0

vendor: trendnet, model: tew-827dru, scope: eq, version: tew-827dru firmware 2.08b01

Trust: 0.8

vendor: trendnet, model: tew-827dru, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017247 // NVD: CVE-2021-20151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20151
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20151
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202112-2787
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-20151
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20151
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-20151
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-20151
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-20151 // JVNDB: JVNDB-2021-017247 // CNNVD: CNNVD-202112-2787 // NVD: CVE-2021-20151

PROBLEMTYPE DATA

problemtype:CWE-384

Trust: 1.0

problemtype: Session fixation (CWE-384) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017247 // NVD: CVE-2021-20151

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2787

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202112-2787

PATCH

title: Top Page, url: https://www.trendnet.com/

Trust: 0.8

title: Trendnet AC2600 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177157

Trust: 0.6

sources: JVNDB: JVNDB-2021-017247 // CNNVD: CNNVD-202112-2787

EXTERNAL IDS

db: NVD, id: CVE-2021-20151

Trust: 3.3

db: TENABLE, id: TRA-2021-54

Trust: 2.5

db: JVNDB, id: JVNDB-2021-017247

Trust: 0.8

db: CNNVD, id: CNNVD-202112-2787

Trust: 0.6

db: VULMON, id: CVE-2021-20151

Trust: 0.1

sources: VULMON: CVE-2021-20151 // JVNDB: JVNDB-2021-017247 // CNNVD: CNNVD-202112-2787 // NVD: CVE-2021-20151

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-54

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-20151

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/384.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-20151 // JVNDB: JVNDB-2021-017247 // CNNVD: CNNVD-202112-2787 // NVD: CVE-2021-20151

SOURCES

db: VULMON, id: CVE-2021-20151
db: JVNDB, id: JVNDB-2021-017247
db: CNNVD, id: CNNVD-202112-2787
db: NVD, id: CVE-2021-20151

LAST UPDATE DATE

2024-08-14T13:22:58.422000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-20151, date: 2022-01-07T00:00:00
db: JVNDB, id: JVNDB-2021-017247, date: 2023-01-12T04:36:00
db: CNNVD, id: CNNVD-202112-2787, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2021-20151, date: 2022-01-07T16:20:13.403

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-20151, date: 2021-12-30T00:00:00
db: JVNDB, id: JVNDB-2021-017247, date: 2023-01-12T00:00:00
db: CNNVD, id: CNNVD-202112-2787, date: 2021-12-30T00:00:00
db: NVD, id: CVE-2021-20151, date: 2021-12-30T22:15:08.670