Improper Information Disclosure and Authentication Bypass in Trendnet AC2600 TEW-827DRU Version 2.08B01 Setup Wizard
CVE-2021-20150 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
Learn more about our User Device Pen Test.