CVE-2021-20155
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of '12345678'.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0073
Percentile
0,7th
Updated
EPSS Score Trend (Last 91 Days)
798
Use of Hard-coded Credentials
DraftCommon Consequences
Security Scopes Affected:
Access Control
Integrity
Confidentiality
Availability
Other
Potential Impacts:
Bypass Protection Mechanism
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Other
Applicable Platforms
Technologies:
Mobile, ICS/OT
Operating System
Tew-827Dru Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.tenable.com/security/research/tra-2021-54
https://www.tenable.com/security/research/tra-2021-54