CVE-2021-20160

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-54 Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-54 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:46

Type Values Removed Values Added
References () https://www.tenable.com/security/research/tra-2021-54 - Exploit, Third Party Advisory () https://www.tenable.com/security/research/tra-2021-54 - Exploit, Third Party Advisory

Information

Published : 2021-12-30 22:15

Updated : 2024-11-21 05:46


NVD link : CVE-2021-20160

Mitre link : CVE-2021-20160

CVE.ORG link : CVE-2021-20160


JSON object : View

Products Affected

trendnet

  • tew-827dru
  • tew-827dru_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')