ID

VAR-202112-2068


CVE

CVE-2021-20149


TITLE

Trendnet AC2600 TEW-827DRU Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017245

DESCRIPTION

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset governing access to services on the device applies only to IPv4. All services running on the device are accessible from the WAN interface over IPv6 by default. Trendnet AC2600 TEW-827DRU is affected by a fraudulent authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-20149 // JVNDB: JVNDB-2021-017245 // VULMON: CVE-2021-20149

AFFECTED PRODUCTS

vendor: trendnet, model: tew-827dru, scope: eq, version: 2.08b01

Trust: 1.0

vendor: trendnet, model: tew-827dru, scope: eq, version: tew-827dru firmware 2.08b01

Trust: 0.8

vendor: trendnet, model: tew-827dru, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017245 // NVD: CVE-2021-20149

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-20149
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20149
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202112-2790
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-20149
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-20149
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2021-20149
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20149
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-20149 // JVNDB: JVNDB-2021-017245 // CNNVD: CNNVD-202112-2790 // NVD: CVE-2021-20149

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.0

problemtype: Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017245 // NVD: CVE-2021-20149

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2790

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2790

PATCH

title: Top Page, url: https://www.trendnet.com/

Trust: 0.8

title: Trendnet AC2600 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177160

Trust: 0.6

sources: JVNDB: JVNDB-2021-017245 // CNNVD: CNNVD-202112-2790

EXTERNAL IDS

db: NVD, id: CVE-2021-20149

Trust: 3.3

db: TENABLE, id: TRA-2021-54

Trust: 2.5

db: JVNDB, id: JVNDB-2021-017245

Trust: 0.8

db: CNNVD, id: CNNVD-202112-2790

Trust: 0.6

db: VULMON, id: CVE-2021-20149

Trust: 0.1

sources: VULMON: CVE-2021-20149 // JVNDB: JVNDB-2021-017245 // CNNVD: CNNVD-202112-2790 // NVD: CVE-2021-20149

REFERENCES

url: https://www.tenable.com/security/research/tra-2021-54

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-20149

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-20149 // JVNDB: JVNDB-2021-017245 // CNNVD: CNNVD-202112-2790 // NVD: CVE-2021-20149

SOURCES

db: VULMON, id: CVE-2021-20149
db: JVNDB, id: JVNDB-2021-017245
db: CNNVD, id: CNNVD-202112-2790
db: NVD, id: CVE-2021-20149

LAST UPDATE DATE

2024-08-14T13:22:58.366000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-20149, date: 2022-01-07T00:00:00
db: JVNDB, id: JVNDB-2021-017245, date: 2023-01-12T04:36:00
db: CNNVD, id: CNNVD-202112-2790, date: 2022-01-10T00:00:00
db: NVD, id: CVE-2021-20149, date: 2022-01-07T16:10:25.860

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-20149, date: 2021-12-30T00:00:00
db: JVNDB, id: JVNDB-2021-017245, date: 2023-01-12T00:00:00
db: CNNVD, id: CNNVD-202112-2790, date: 2021-12-30T00:00:00
db: NVD, id: CVE-2021-20149, date: 2021-12-30T22:15:08.580