CVE-2021-20164

MEDIUM

4.9CVSS v3

4.0CVSS v2

0.26% EPSS (exploit probability)

CWE-522CWE

Description

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected routers (1)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch Status
TRENDnet	TRENDnet TEW-827DRU	`—`	—	—	Unpatched

External references

NIST NVD
MITRE CVE