Improper Information Disclosure and Authentication Bypass in Trendnet AC2600 TEW-827DRU Version 2.08B01 Setup Wizard

Improper Information Disclosure and Authentication Bypass in Trendnet AC2600 TEW-827DRU Version 2.08B01 Setup Wizard

CVE-2021-20150 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.

Learn more about our User Device Pen Test.