CVE-2021-20158

CRITICAL NUCLEI

Trendnet Tew-827dru Firmware - Missing Authentication

Title source: rule

Description

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.

Nuclei Templates (1)

Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change

CRITICALby gy741

Shodan: http.html:"TEW-827DRU" || http.html:"tew-827dru"

FOFA: body="tew-827dru"

References (1)

[Third Party Advisory] https://www.tenable.com/security/research/tra-2021-54

Scores

CVSS v3 9.8

EPSS 0.8034

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

trendnet/tew-827dru_firmware 2.08b01

Published Dec 30, 2021

Tracked Since Feb 18, 2026