CVE-2021-20150

MEDIUM NUCLEI

Trendnet Tew-827dru Firmware - Missing Authentication

Title source: rule

Description

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.

Nuclei Templates (1)

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

MEDIUMby gy741

Shodan: http.html:"TEW-827DRU" || http.html:"tew-827dru"

FOFA: body="tew-827dru"

References (1)

[Mitigation, Third Party Advisory] https://www.tenable.com/security/research/tra-2021-54

Scores

CVSS v3 5.3

EPSS 0.3519

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-306

Status published

Products (1)

trendnet/tew-827dru_firmware 2.08b01

Published Dec 30, 2021

Tracked Since Feb 18, 2026