Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2021-20167

    Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20166

    Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20165

    Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not a... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-20164

    Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-20163

    Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-20162

    Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-20161

    Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is requir... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20160

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20159

    Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20158

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-20157

    It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20156

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any s... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20155

    Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20154

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-20153

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user ... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20152

    Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-20151

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-20150

    Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect ... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20149

    Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible v... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20148

    ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain ... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293649 Results