Skip to main content
CVE-2021-20158 CRITICAL POC THREAT Act Now

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tew 827Dru Firmware
NVD
CVSS 3.1
9.8
EPSS
10.8%
CVE-2021-20155 CRITICAL POC Act Now

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tew 827Dru Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-45427 CRITICAL POC THREAT Act Now

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Xweb300D Evo Firmware
NVD
CVSS 3.1
9.8
EPSS
19.0%
CVE-2021-20173 HIGH POC This Week

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-20165 HIGH POC This Week

Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tew 827Dru Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-20160 HIGH POC This Week

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-20159 HIGH POC This Week

Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2021-20132 HIGH POC This Week

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 2640 Us Firmware
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-20134 HIGH POC This Week

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Path Traversal Dir 2640 Us Firmware
NVD
CVSS 3.1
8.4
EPSS
7.5%
CVE-2021-20167 HIGH POC This Week

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rax43 Firmware
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2021-20172 HIGH POC This Week

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Netgear Apple Privilege Escalation Genie Installer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-4190 HIGH POC This Week

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-4186 HIGH POC This Week

Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Fedora
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-4185 HIGH POC This Week

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux Http Server +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-4184 HIGH POC This Week

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux Http Server +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-4182 HIGH POC PATCH This Week

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Http Server Zfs Storage Appliance Kit
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-4181 HIGH POC This Week

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Wireshark Fedora +3
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-20157 HIGH POC This Week

It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tew 827Dru Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-4188 HIGH POC PATCH This Week

mruby is vulnerable to NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Mruby
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20133 MEDIUM POC This Month

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link Path Traversal Dir 2640 Us Firmware
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2021-45818 MEDIUM POC This Month

SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Code Injection Safari Montage
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20151 CRITICAL Act Now

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Tew 827Dru Firmware
NVD
CVSS 3.1
10.0
EPSS
1.6%
CVE-2021-20149 CRITICAL Act Now

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tew 827Dru Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-4183 MEDIUM POC PATCH This Month

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wireshark Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2021-43862 MEDIUM POC PATCH This Month

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Jquery Terminal
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-20150 MEDIUM POC THREAT This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tew 827Dru Firmware
NVD
CVSS 3.1
5.3
EPSS
40.1%
CVE-2021-45732 HIGH This Week

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Authentication Bypass R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-20170 HIGH This Week

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rax43 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-20166 HIGH This Week

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Rax43 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-45379 HIGH PATCH This Week

Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Glewlwyd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-45077 HIGH This Week

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R6700 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-20175 HIGH This Week

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R6700 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-20174 HIGH This Week

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R6700 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-20154 HIGH This Week

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tew 827Dru Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-44466 HIGH PATCH This Week

Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Bitmask Riseup Vpn
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-23147 MEDIUM This Month

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass R6700 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20169 MEDIUM This Month

Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax43 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-20168 MEDIUM This Month

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rax43 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-20161 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tew 827Dru Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-20153 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Tew 827Dru Firmware
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-20156 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tew 827Dru Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-20152 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tew 827Dru Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38876 MEDIUM PATCH This Month

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-45815 MEDIUM This Month

Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Uc20 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20171 MEDIUM This Month

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax43 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-43861 MEDIUM PATCH This Month

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mermaid
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-20164 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tew 827Dru Firmware
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2021-20163 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tew 827Dru Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-20162 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tew 827Dru Firmware
NVD
CVSS 3.1
4.9
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy