EUVD-2021-7622

Malicious code in bioql PyPI...

EUVD-2021-7621

Malicious code in bioql PyPI...

Trendnet AC2600 TEW-827DRU Cross-Site Request Forgery Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router.Trendnet AC2600 TEW-827DRU has a security vulnerability, which originates from Trendnet AC2600 TEW-827DRU version 2.08B01 fails to properly implement csrf protection, no details of the vulnerability are provided...

Trendnet AC2600 TEW-827DRU Rear Link Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router.Trendnet AC2600 TEW-827DRU version 2.08B01 has a security vulnerability that can be exploited by attackers to cause remote code execution on the device...

Trendnet AC2600 TEW-827DRU Encryption Issue Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router.A security vulnerability exists in the Trendnet AC2600 TEW-827DRU, which stems from the fact that the Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protection for the UART function, and an attacker could exploit the vulnerabili...

Trendnet AC2600 TEW-827DRU Licensing Issue Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router.Trendnet AC2600 TEW-827DRU version 2.08B01 has a security vulnerability that can be exploited by an attacker to manually navigate through the setup wizard and force it to redirect to the desired page, which can bypass authentication and allow users ...

CVE-2021-20163

Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page...

CVE-2021-20164

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page...

CVE-2021-20159

Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter...

CVE-2021-20158

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command...

Code injection

Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page...

Default credentials

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext...

Hardcoded credentials

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678"...

Authentication flaw

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page...

Design/Logic Flaw

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords...

CVE-2021-20164

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page...

CVE-2021-20150

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page...

CVE-2021-20162

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext...

CVE-2021-20160

The CVE-2021-20160 entry concerns Trendnet AC2600 TEW-827DRU (firmware 2.08B01) with a command injection flaw in the SMB configuration flow. The vulnerability arises from the username parameter used when configuring SMB functionality, enabling an attacker with network access to inject commands as...

CVE-2021-20154

CVE-2021-20154 affects Trendnet AC2600 TEW-827DRU (firmware 2.08B01). The root cause is that the device’s web interface does not enable HTTPS by default, allowing cleartext transmission of sensitive data (e.g., passwords) over the network. Affected component is the web interface; impact is exposu...