CVE-2021-20160

8.8 HIGH

📋 TL;DR

Command injection in the Trendnet AC2600 TEW-827DRU router: the SMB (USB file sharing) username parameter taken by the web interface is passed to a shell without sanitisation, so an attacker with an admin session can run arbitrary commands as root. Firmware 2.08B01 is affected. Successful exploitation gives complete control of the device and of the traffic that passes through it.

💻 Affected Systems

Products:
  • Trendnet AC2600 TEW-827DRU
Versions: 2.08B01
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the SMB configuration functionality which is accessible through the web interface.
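The page does not show the router's code, so the following is an added illustration (not Trendnet's code) of the bug class in Python: a form field interpolated into a shell string, beside the allowlist-plus-argv construction that fixes it, with a helper that tokenises a command line under POSIX quoting rules to show how many commands the shell would actually run. The tool name smbpasswd, its flags and the sample inputs are assumptions made for the example.

```python
import re
import shlex
from typing import List

# Hypothetical tool name used only to make the example concrete; the router's real
# SMB configuration code is not shown on the page and is not reproduced here.
SMB_TOOL = "smbpasswd"

# Allowlist for an SMB username: letters, digits and a few safe punctuation marks.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def build_smb_command_vulnerable(username: str, password: str) -> str:
    """Bug pattern behind this CVE class: untrusted form fields are pasted into a
    single shell string that is later handed to something like system() or
    popen(). Any shell control character in `username` (';', '|', '&', '`', '$(')
    terminates the intended command and starts the attacker's."""
    return f"echo '{password}' | {SMB_TOOL} -a -s {username}"


def build_smb_argv_hardened(username: str) -> List[str]:
    """Fix pattern: reject anything outside an allowlist, then build an argv list
    to hand to subprocess.run(argv, input=password) with no shell in between, so
    the username is always exactly one argument whatever it contains."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("SMB username contains characters outside the allowlist")
    return [SMB_TOOL, "-a", "-s", username]


# Control operators a POSIX shell uses to separate commands. shlex returns runs
# of punctuation as one token, so '&&' and '||' arrive whole.
CONTROL_OPERATORS = {";", "|", "&", "&&", "||"}


def commands_in(cmdline: str) -> List[str]:
    """Names of the simple commands a POSIX shell would run for `cmdline`, found
    by tokenising with shell quoting rules and splitting on control operators.
    Quoted metacharacters stay inside their word, as in a real shell. This models
    separators only, not `$(...)` or backtick substitution, which is one reason
    the fix above uses an allowlist plus argv rather than a blocklist."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands: List[str] = []
    expect_command = True
    for token in lexer:
        if token in CONTROL_OPERATORS:
            expect_command = True
        elif expect_command:
            commands.append(token)
            expect_command = False
    return commands


if __name__ == "__main__":
    hostile = "bob; id"  # constructed input shape, not taken from the page
    print(commands_in(build_smb_command_vulnerable(hostile, "s3cret")))
    try:
        build_smb_argv_hardened(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The vulnerable builder turns the username "bob; id" into three shell commands; the hardened builder rejects it before any process is started. Note that the password is interpolated just as carelessly in the vulnerable version, so a quote in that field is a second injection point of the same kind.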

📦 What is this software?

The TEW-827DRU is a consumer/SOHO wireless router from Trendnet. Its web interface can share USB-attached storage over SMB, and that file-sharing configuration is where the vulnerable username parameter lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise: a persistent backdoor on the router, interception or redirection of traffic for every host behind it, pivoting into the internal network, or enrolment of the device in a botnet.

🟠

Likely Case

A root shell on the router, used to change network settings (DNS, port forwards), intercept traffic, or stage further attacks against the LAN.

🟢

If Mitigated

With SMB sharing disabled and the admin interface reachable only from trusted hosts, the vulnerable parameter is not exposed to outsiders; with the router on its own segment, an attacker who still reaches it gains one device rather than a foothold into sensitive internal hosts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated session on the web interface. Since the admin login is the only barrier, default or reused admin passwords remove it in practice. The issue is well documented and public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.08B02 or later

Vendor Advisory: https://www.trendnet.com/support/

Restart Required: Yes

Instructions:

1. Download the latest firmware for the TEW-827DRU from the Trendnet website.
2. Log into the router web interface.
3. Navigate to Administration > Firmware Upgrade.
4. Upload and install the firmware.
5. Reboot the router after installation and confirm the new version on the status page.

🔧 Temporary Workarounds

Disable SMB functionality

Applies to: all affected versions

Disable SMB file sharing on the router so the normal path to the vulnerable setting is closed. This closes the UI path only; the web handler that accepts the username may still process a crafted request from an authenticated session, so treat it as a stopgap rather than a fix.

Navigate to USB Storage > File Sharing and disable SMB.

Restrict web interface access

Applies to: all affected versions

Limit who can reach the router's web administration interface. Because exploitation needs an admin session, this is the more effective of the two workarounds: an attacker who cannot reach the login page cannot reach the vulnerable parameter. Disable WAN-side (remote) management as well.

Navigate to Advanced > Firewall and restrict admin access to trusted IPs only.

🧯 If You Can't Patch

  • Segment affected routers on isolated network segments
  • Implement strict firewall rules to limit router management interface access

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router web interface under Administration > Status; firmware 2.08B01 is the vulnerable version.

Check Version:

Check via web interface or SSH if enabled: cat /etc/version

Verify Fix Applied:

Verify firmware version is 2.08B02 or later after patching
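As an added helper for fleet inventory (not from the page or the vendor): parse the version string format the page uses, compare it numerically against the fixed build, and treat any device whose version cannot be parsed as not confirmed fixed. The hostnames and version strings in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Tuple

# Fixed build named on this page; the vulnerable build is 2.08B01.
FIXED_VERSION = "2.08B02"

# Trendnet-style version: major.minor, the letter B, then a build number.
VERSION_RE = re.compile(r"(\d+)\.(\d+)B(\d+)")


def parse_fw_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, build) from a bare version string or from output
    that contains one, such as a status page line or `cat /etc/version`."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Trendnet-style version found in {text!r}")
    major, minor, build = m.groups()
    return (int(major), int(minor), int(build))


def is_fixed(text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the running firmware is at or above the fixed build. Integer
    tuples are compared, not strings, so a component that reaches two digits
    without zero padding (2.9 versus 2.10) still orders correctly."""
    return parse_fw_version(text) >= parse_fw_version(fixed)


def vulnerable_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hosts that are not confirmed fixed. An unparseable version string is
    reported as vulnerable rather than silently skipped."""
    out: List[str] = []
    for host, version in inventory.items():
        try:
            if not is_fixed(version):
                out.append(host)
        except ValueError:
            out.append(host)
    return sorted(out)


# Constructed inventory for demonstration (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "rtr-hq": "Firmware Version: 2.08B02",
    "rtr-branch-1": "2.08B01",
    "rtr-branch-2": "unknown",
    "rtr-lab": "2.10B01",
}

if __name__ == "__main__":
    print("needs patching:", vulnerable_hosts(SAMPLE_INVENTORY))
```

Feed it whatever your inventory system stores for each router, whether the bare string from the status page or the raw output of the version file over SSH; the regex finds the version inside surrounding text.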

📡 Detection & Monitoring

Log Indicators:

  • Changes to the SMB / file sharing configuration outside change windows, especially a username containing shell metacharacters (; | & ` $( ) or whitespace
  • Repeated failed logins to the web interface followed by a successful one (the exploit needs an admin session, so credential guessing is the usual precursor)
  • Admin interface logins from unexpected source addresses, particularly from the WAN side
  • Unexpected processes or listening services on the router (for example a shell bound to a port), if you can inspect it over SSH

Network Indicators:

  • Unexpected outbound connections originating from the router itself rather than from LAN hosts
  • SMB traffic to or from the router involving unexpected destinations
  • Router DNS queries to suspicious domains, or DNS settings handed to LAN clients silently changed

SIEM Query (illustrative; the exact strings depend on what the router's syslog exports, and a rooted device can edit or stop its local log, so forward syslog to an external collector):

source="router_logs" AND ("smb" OR "samba" OR "file sharing") AND ("username" OR "apply" OR "config")
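Applied to constructed log lines, as an added example rather than anything from the page or from Trendnet: the check below decodes the form body of each admin POST, flags a watched field whose decoded value contains a shell control operator or a command-substitution opener, and records whether the request came from outside the management LAN. The log format, the endpoint /apply.cgi, the field name smb_user and the LAN prefix are assumptions; adapt the parser to what your router actually forwards.

```python
import re
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple
from urllib.parse import parse_qs

# Constructed sample lines in a made-up "timestamp client process METHOD path [body]"
# format. The endpoint and field names are assumptions, not the router's real ones.
SAMPLE_LOG = """\
2021-04-01T10:02:11Z 192.168.10.23 httpd POST /apply.cgi action=smb_user_save&smb_user=alice&smb_pw=REDACTED
2021-04-01T10:05:40Z 203.0.113.9 httpd POST /apply.cgi action=smb_user_save&smb_user=alice%3B%20telnetd%20-l%20%2Fbin%2Fsh&smb_pw=REDACTED
2021-04-01T10:06:02Z 192.168.10.23 httpd GET /status.cgi
2021-04-01T10:07:15Z 192.168.10.23 httpd POST /apply.cgi action=smb_user_save&smb_user=bob%60id%60&smb_pw=REDACTED
"""

# Shell control operators plus the two command-substitution openers. Values are
# URL-decoded before matching, so an encoded %3B is caught like a literal ';'.
SHELL_META = re.compile(r"[;|&`\n]|\$\(|\$\{")

# Form fields worth scanning; for this CVE that is the SMB username.
WATCHED_FIELDS = ("smb_user",)

# Assumed management LAN; admin requests from anywhere else are flagged as WAN-side.
LAN_NETS = [ip_network("192.168.10.0/24")]


class Hit(NamedTuple):
    timestamp: str
    client: str
    field: str
    value: str
    from_wan: bool


def is_wan(client: str) -> bool:
    """True when the source address lies outside every configured LAN prefix.
    An unparseable address is treated as outside, since it cannot be vouched for."""
    try:
        addr = ip_address(client)
    except ValueError:
        return True
    return not any(addr in net for net in LAN_NETS)


def find_injection_attempts(log_text: str, watched=WATCHED_FIELDS) -> List[Hit]:
    """One Hit per watched form field whose decoded value contains a shell
    metacharacter. Lines without a body (GETs) are skipped."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        parts = line.split(" ", 5)
        if len(parts) < 6 or parts[3] != "POST":
            continue
        ts, client, _proc, _method, _path, body = parts
        params = parse_qs(body, keep_blank_values=True)
        for field in watched:
            for value in params.get(field, []):
                if SHELL_META.search(value):
                    hits.append(Hit(ts, client, field, value, is_wan(client)))
    return hits


if __name__ == "__main__":
    for h in find_injection_attempts(SAMPLE_LOG):
        print(f"{h.timestamp} {h.client} wan={h.from_wan} {h.field}={h.value!r}")
```

Matching on the decoded value rather than the raw body is the important design choice: the router's web server decodes percent-encoding before the parameter reaches the vulnerable code, so a detector that looks for a literal ';' in the raw request misses the encoded form that an attacker would naturally send.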
