CVE-2021-20160
HIGHTrendnet TEW-827DRU 2.08B01 - OS Command Injection via SMB Username Parameter
Title source: llmDescription
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-54
Scores
CVSS v3
8.8
EPSS
0.0828
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
trendnet/tew-827dru_firmware
2.08b01
Published
Dec 30, 2021
Tracked Since
Feb 18, 2026