VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2021 · Updated Aug 3, 2024

CVE-2021-20150

Description

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authentication bypass in Trendnet AC2600 TEW-827DRU setup wizard allows unauthenticated attackers to view sensitive information as Admin via forced redirect.

Vulnerability

The vulnerability resides in the setup wizard of the Trendnet AC2600 TEW-827DRU router running firmware version 2.08B01. The device improperly handles redirection after the setup wizard is canceled, allowing an unauthenticated user to bypass authentication and access administrative pages by manually crafting a POST request to /apply_sec.cgi with parameters that force a redirect to a target page [1].

Exploitation

An attacker with network access to the router's web interface can exploit this by sending a POST request to /apply_sec.cgi with action=setup_wizard_cancel and setting html_response_page to a sensitive page such as client_status.asp or the FTP setup page. The server responds with the content of the requested page, bypassing authentication [1].

Impact

Successful exploitation allows the attacker to view sensitive information, including user account passwords (if configured), system logs, and other administrative data, with the privileges of an Admin user. However, the attacker cannot perform write operations or execute commands; the impact is limited to information disclosure (confidentiality) [1].

Mitigation

As of the publication date, no firmware update has been released to address this vulnerability. Users are advised to restrict access to the router's management interface to trusted networks only and to monitor for vendor updates [1].
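With no firmware fix available, the request shape described under Exploitation can be matched in traffic to the management interface. The following is an added detection example, not code from the advisory or the vendor; it assumes a proxy or sensor that records request bodies, and the record fields (`src`, `method`, `path`, `body`) and the allowlist entry are hypothetical.

```python
from urllib.parse import parse_qs

# Endpoint and parameter names are the ones quoted in the advisory text above.
WIZARD_ENDPOINT = "/apply_sec.cgi"
WIZARD_ACTION = "setup_wizard_cancel"
REDIRECT_PARAM = "html_response_page"


def check_request(method, path, body, allowed_pages=frozenset()):
    """Return the unexpected redirect targets in one request, or None.

    allowed_pages is an operator-supplied set of targets treated as normal
    (hypothetical: the advisory does not say what the wizard itself sends).
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != WIZARD_ENDPOINT:
        return None
    # parse_qs percent-decodes names and values, so an encoded variant of the
    # same request is compared in decoded form instead of slipping past.
    form = parse_qs(body, keep_blank_values=True)
    if WIZARD_ACTION not in form.get("action", []):
        return None
    # Every repeated parameter is inspected so a duplicate cannot hide a target.
    targets = [t for t in form.get(REDIRECT_PARAM, []) if t not in allowed_pages]
    return targets or None


def scan(records, allowed_pages=frozenset()):
    """Return (source address, targets) for each matching record."""
    hits = []
    for rec in records:
        targets = check_request(rec["method"], rec["path"], rec["body"], allowed_pages)
        if targets:
            hits.append((rec["src"], targets))
    return hits


# Constructed sample records, not captured traffic. PLACEHOLDER_HOME.asp and
# some_other_action are made-up names; addresses are documentation ranges.
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "path": "/apply_sec.cgi", "body": "action=setup_wizard_cancel&html_response_page=client_status.asp"},
    {"src": "192.0.2.11", "method": "POST", "path": "/apply_sec.cgi", "body": "action=setup_wizard_cancel&html_response_page=PLACEHOLDER_HOME.asp"},
    {"src": "192.0.2.12", "method": "POST", "path": "/apply_sec.cgi", "body": "action=some_other_action&html_response_page=client_status.asp"},
    {"src": "192.0.2.13", "method": "GET", "path": "/client_status.asp", "body": ""},
    {"src": "192.0.2.14", "method": "POST", "path": "/apply_sec.cgi", "body": "action=setup%5Fwizard%5Fcancel&html%5Fresponse%5Fpage=client%5Fstatus.asp"},
]

if __name__ == "__main__":
    for src, targets in scan(SAMPLE, allowed_pages={"PLACEHOLDER_HOME.asp"}):
        print(f"ALERT {src}: wizard-cancel redirect to {targets}")
```

Leaving `allowed_pages` empty flags every wizard-cancel request, which suits a router that has already completed setup.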

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
