CVE-2021-20154
First published: Thu Dec 30 2021(Updated: )
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TRENDnet TEW-827DRU firmware | =2.08b01 | |
| TRENDnet TEW-827DRU | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-20154?
CVE-2021-20154 is classified as a medium severity vulnerability due to the potential for sensitive information exposure.
How do I fix CVE-2021-20154?
To fix CVE-2021-20154, enable HTTPS on the Trendnet AC2600 TEW-827DRU web interface to securely transmit sensitive information.
What types of information are affected by CVE-2021-20154?
CVE-2021-20154 affects sensitive information such as passwords and configuration data that could be transmitted in cleartext.
Which versions of the firmware are impacted by CVE-2021-20154?
CVE-2021-20154 impacts Trendnet TEW-827DRU firmware version 2.08B01.
Is there a workaround for CVE-2021-20154?
A possible workaround for CVE-2021-20154 is to implement network-level protections, but enabling HTTPS is the recommended solution.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/trendnet
- canonical/trendnet tew-827dru firmware
- version/trendnet tew-827dru firmware/2.08b01
- canonical/trendnet tew-827dru
- version/trendnet tew-827dru/2.0