Dec 30, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-20151 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2021-20158 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability.

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Trendnet Tew-827dru Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-45427 Emerson Xweb300d Evo Firmware Directory Traversal

  • CVSS 9.8

New critical Emerson Xweb300d Evo Firmware Directory Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-20149 CVSS 9.8

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface.

CVE-2021-20151 CVSS 10

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device.

CVE-2021-20155 CVSS 9.8

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials.

CVE-2021-20158 CVSS 9.8

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability.

CVE-2021-45427 CVSS 9.8

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal.

View critical disclosures

cvelogic Threat Intelligence