CRITICAL🇵🇱 Wersja polska

CVE-2021-20151

CVSS 10.0v3.1pub. 2021-12-30upd. 2024-11-21

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user's session.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Trendnet Tew 827dru

    HW
    Trendnet
    2.0
  • Trendnet Tew 827dru Firmware

    OS
    Trendnet
    2.08b01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-28354CRITICAL10.0PL ✓ten sam produkt

Command injection w routerze TRENDnet TEW-827DRU — zdalny dostęp root

CVE-2021-20158CRITICAL9.8ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for...

CVE-2021-20155CRITICAL9.8ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and re...

CVE-2021-20149CRITICAL9.8ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The...

CVE-2020-14080CRITICAL9.8ten sam produkt

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overf...