exploitDog

CVE-2021-20149

Опубликовано: 30 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default.

Ссылки

https://www.tenable.com/security/research/tra-2021-54
Third Party Advisory
https://www.tenable.com/security/research/tra-2021-54
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00706

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-5rm5-xp9h-jf8q

github

около 4 лет назад

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default.

EPSS

Процентиль: 72%

0.00706

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-863