What is CVE-2021-20158?

CVE-2021-20158 is a vulnerability in Trendnet Ac2600 Tew-827dru. Published 2021-12-30.

Is CVE-2021-20158 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Trendnet Ac2600 Tew-827dru

CVE-2021-20158

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.

EPSS: 0.864 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Trendnet Ac2600 Tew-827dru — versions 2.08B01

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

www.tenable.com/security/research/tra-2021-54 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20158?: CVE-2021-20158 is a vulnerability in Trendnet Ac2600 Tew-827dru. Published 2021-12-30.
Is CVE-2021-20158 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.