exploitDog

CVE-2021-20154

Опубликовано: 30 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.

Ссылки

https://www.tenable.com/security/research/tra-2021-54
Third Party Advisory
https://www.tenable.com/security/research/tra-2021-54
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00156

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-vq3f-hc79-r4pc

github

около 4 лет назад

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.

EPSS

Процентиль: 37%

0.00156

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-319