CVE-2021-20162
Description
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trendnet AC2600 TEW-827DRU stores the admin password and other credentials in plaintext in config files accessible via path traversal.
Vulnerability
Trendnet AC2600 TEW-827DRU firmware version 2.08B01 stores credentials in plaintext in configuration files on the device. The file /etc/config/cameo contains the admin password in cleartext. The Tenable advisory [1] also notes that the information disclosure via the setup wizard (CVE-2021-20150) can be used to access pages containing plaintext passwords.
Exploitation
An attacker with network access to the device can leverage the authentication bypass (CVE-2021-20151) or the setup wizard bypass (CVE-2021-20150) to retrieve the configuration file or browse pages that expose the plaintext credentials. No authentication is required for the bypasses, and the attacker only needs to be on the local network or be able to spoof an IP address [1].
Impact
Successful exploitation allows an attacker to obtain the admin password and any other stored credentials in plaintext. This leads to full administrative access to the router, enabling the attacker to change settings, intercept traffic, or use the device as a pivot point for further attacks on the network.
Mitigation
As of the publication date (December 30, 2021), Trendnet has not released a firmware update to address this issue. Users should monitor the vendor's support page for a patched firmware version. In the meantime, restrict management access to trusted hosts only and use IPv4-only rules to limit exposure via IPv6 [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Trendnet/AC2600 TEW-827DRU
- Range: = 2.08B01
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Usernames and passwords are stored in plaintext in configuration files on the device."
Attack vector
An attacker who already possesses administrative privileges (CVSS: AV:N/AC:H/PR:H) can read the plaintext credentials from configuration files on the device [1]. The attack is network-accessible but requires high privileges, meaning an admin-level account must first be compromised or the attacker must have existing admin access. Once obtained, the plaintext passwords can be reused for lateral movement or persistent access.
Affected code
The device stores credentials in plaintext configuration files. For example, the file `/etc/config/cameo` contains the admin password in cleartext [1]. No specific function or code path is identified beyond the storage location.
What the fix does
The advisory does not include a patch or remediation guidance from Trendnet [1]. No fix has been published in the supplied bundle. To close this vulnerability, the device firmware should be updated to store credentials using a strong, one-way hash rather than plaintext, and configuration file permissions should be restricted to prevent unauthorized read access.
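A sketch of the remediation described above, added here as an illustration and not taken from Trendnet firmware or the advisory. It assumes a hypothetical `option <key> '<value>'` entry layout (the page does not show the real format of `/etc/config/cameo`), PBKDF2-SHA256 as the one-way hash, and constructed sample content.

```python
import base64
import hashlib
import hmac
import os
import re

# Assumed entry layout, option <key> '<value>'; the page does not show the real file.
ENTRY = re.compile(r"^(\s*option\s+(\S*pass\S*)\s+)'([^']*)'\s*$", re.IGNORECASE)
PREFIX = "$pbkdf2-sha256$"
ITERATIONS = 600_000  # assumed work factor; tune to the device's CPU

# Constructed sample, not real device content.
SAMPLE = "config login\n\toption admin_user 'admin'\n\toption admin_password 'Constructed-Example-1'\n"

def hash_password(password, salt=None):
    """Return a salted one-way verifier string for a login password."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    enc = lambda raw: base64.b64encode(raw).decode()
    return f"{PREFIX}{ITERATIONS}${enc(salt)}${enc(dk)}"

def verify_password(stored, candidate):
    """Check a login attempt; a plaintext stored value is rejected, not compared."""
    if not stored.startswith(PREFIX):
        return False
    iterations, salt, dk = stored[len(PREFIX):].split("$")
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                base64.b64decode(salt), int(iterations))
    return hmac.compare_digest(probe, base64.b64decode(dk))

def plaintext_keys(config_text):
    """List password-like keys whose value is not a verifier string."""
    hits = (ENTRY.match(line) for line in config_text.splitlines())
    return [m.group(2) for m in hits if m and not m.group(3).startswith(PREFIX)]

def harden(config_text):
    """Rewrite plaintext password entries as verifier strings."""
    out = []
    for line in config_text.splitlines():
        m = ENTRY.match(line)
        if m and not m.group(3).startswith(PREFIX):
            line = f"{m.group(1)}'{hash_password(m.group(3))}'"
        out.append(line)
    return "\n".join(out) + "\n"

def mode_too_open(mode):
    """True if group or other has any access bit, e.g. 0o644."""
    return bool(mode & 0o077)
```

One-way hashing fits only credentials the device itself verifies, such as the admin login; a secret the device must present to another system cannot be stored this way.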
Preconditions
- auth: Attacker must have administrative (admin) privileges on the device
- network: Attacker must have network access to the device
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.tenable.com/security/research/tra-2021-54 (mitre, x_refsource_MISC)