CVE-2021-20165: CSRF
First published: Thu Dec 30 2021(Updated: )
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible).
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TRENDnet TEW-827DRU firmware | =2.08b01 | |
| TRENDnet TEW-827DRU | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-20165?
CVE-2021-20165 has been rated as a medium severity vulnerability due to insufficient CSRF protections.
How do I fix CVE-2021-20165?
To fix CVE-2021-20165, users should update their Trendnet AC2600 TEW-827DRU firmware to a version that properly implements CSRF protections.
What devices are affected by CVE-2021-20165?
CVE-2021-20165 specifically affects Trendnet AC2600 TEW-827DRU firmware version 2.08B01.
What happens if I don't address CVE-2021-20165?
If CVE-2021-20165 is not addressed, attackers can exploit the CSRF vulnerability to perform unauthorized actions on the device.
Are there any workarounds for CVE-2021-20165?
Currently, the primary mitigation for CVE-2021-20165 is to upgrade to a patched version of the firmware.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/trendnet
- canonical/trendnet tew-827dru firmware
- version/trendnet tew-827dru firmware/2.08b01
- canonical/trendnet tew-827dru
- version/trendnet tew-827dru/2.0