Trendnet Tew-827dru Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Trendnet Tew-827dru Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2021-20151 — CVSS 10.0 (critical): Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software…
CVE-2024-28354 — CVSS 10.0 (critical): There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands…
CVE-2020-14080 — CVSS 9.8 (critical): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated…
CVE-2019-13279 — CVSS 9.8 (critical): TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for…
CVE-2021-20149 — CVSS 9.8 (critical): Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for…
CVE-2021-20158 — CVSS 9.8 (critical): Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous…
CVE-2019-13276 — CVSS 9.8 (critical): TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows…
CVE-2021-20155 — CVSS 9.8 (critical): Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations…
CVE-2019-13278 — CVSS 9.8 (critical): TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup…
CVE-2020-14074 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2020-14075 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect…
CVE-2020-14076 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2020-14077 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2020-14078 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2020-14079 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2020-14081 — CVSS 8.8 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key…
CVE-2019-13153 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13149 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13150 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13151 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13152 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13148 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13154 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13155 — CVSS 8.8 (high): An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with…
CVE-2019-13280 — CVSS 8.8 (high): TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to…
CVE-2021-20159 — CVSS 8.8 (high): Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for…
CVE-2021-20160 — CVSS 8.8 (high): Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username…
CVE-2021-20165 — CVSS 8.8 (high): Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections…
CVE-2024-28353 — CVSS 8.8 (high): There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands…
CVE-2024-36728 — CVSS 8.1 (high): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2021-20157 — CVSS 7.5 (high): It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.
CVE-2021-20154 — CVSS 7.5 (high): Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default…
CVE-2019-13277 — CVSS 7.5 (high): TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality…
CVE-2021-20161 — CVSS 6.8 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical…
CVE-2021-20153 — CVSS 6.8 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent…
CVE-2021-20156 — CVSS 6.5 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware…
CVE-2021-20152 — CVSS 6.5 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit…
CVE-2024-36729 — CVSS 6.3 (medium): TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated…
CVE-2021-20150 — CVSS 5.3 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be…
CVE-2021-20163 — CVSS 4.9 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed…
CVE-2021-20162 — CVSS 4.9 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config…
CVE-2021-20164 — CVSS 4.9 (medium): Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and…