CVE-2021-20149
Description
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset governing access to services on the device applies only to IPv4. All services running on the device are accessible via the WAN interface over IPv6 by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trendnet AC2600 TEW-827DRU firmware 2.08B01 fails to apply iptables rules to IPv6, exposing all internal services to the WAN via IPv6.
Vulnerability
Trendnet AC2600 TEW-827DRU router firmware version 2.08B01 does not enforce firewall rules for IPv6 traffic. The default iptables ruleset only applies to IPv4, leaving all services running on the device (e.g., web interface, FTP, Telnet) accessible from the WAN interface via IPv6 without any access controls [1].
Exploitation
An attacker positioned on the WAN side (i.e., the internet) can directly connect to any service exposed on the router's LAN interface by using IPv6 addressing. No authentication, user interaction, or prior access is required because the firewall rules are simply absent for IPv6 [1].
Impact
Successful exploitation allows an unauthenticated, remote attacker to access and potentially interact with all services on the router, including administrative interfaces and data stores. This can lead to information disclosure (e.g., passwords, logs) and may enable further compromise, such as credential theft or configuration changes. The CVSS score is 5.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) [1].
Mitigation
As of firmware version 2.08B01, no official patch has been released by Trendnet. The only mitigation is to disable IPv6 on the WAN interface or to manually add IPv6 firewall rules via iptables if the router provides such capability. Users should monitor vendor updates for a fixed version [1].
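An added example, not taken from the advisory or from Trendnet firmware: a defender-side audit that compares `iptables-save` output with its IPv6 counterpart `ip6tables-save` and reports built-in filter chains that restrict IPv4 but accept everything over IPv6, which is the gap described above. The rule dumps are constructed samples (interface name `br0` included) and the function names are hypothetical.

```python
import re

# Constructed iptables-save / ip6tables-save dumps; not the router's real rules.
V4 = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
COMMIT
"""
V6_OPEN = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
V6_FILTERED = V6_OPEN.replace("INPUT ACCEPT", "INPUT DROP").replace(
    "FORWARD ACCEPT", "FORWARD DROP").replace(
    "COMMIT", "-A INPUT -p ipv6-icmp -j ACCEPT\nCOMMIT")

def parse_filter(dump):
    """Map each filter-table chain to its policy and the targets of its rules."""
    chains, table = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter" or not line or line.startswith("#"):
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "targets": []}
        elif line.startswith("-A "):
            m = re.search(r"\s-[jg]\s+(\S+)", line)
            chain = chains.setdefault(line.split()[1], {"policy": "-", "targets": []})
            chain["targets"].append(m.group(1) if m else "")
    return chains

def restricts(chains, name):
    # Heuristic: non-ACCEPT policy or any non-ACCEPT target. A chain missing
    # from the dump (empty output, table not loaded) accepts everything.
    c = chains.get(name, {"policy": "ACCEPT", "targets": []})
    return c["policy"] != "ACCEPT" or any(t and t != "ACCEPT" for t in c["targets"])

def ipv6_gaps(v4_dump, v6_dump, names=("INPUT", "FORWARD")):
    """Chains that restrict IPv4 traffic but leave IPv6 wide open."""
    v4, v6 = parse_filter(v4_dump), parse_filter(v6_dump)
    return [n for n in names if restricts(v4, n) and not restricts(v6, n)]
```

On a Linux host the two arguments would be the captured output of `iptables-save` and `ip6tables-save`; an empty list means no IPv4-only chain was found by this heuristic, not that the IPv6 rules are correct.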
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Trendnet/AC2600 TEW-827DRU
- Range: = 2.08B01
Patches
No patches discovered yet.
References
- [1] www.tenable.com/security/research/tra-2021-54 (mitre, x_refsource_MISC)