7.8
CVE-2021-35033
- EPSS 0.04%
- Published 23.11.2021 22:15:07
- Last modified 21.11.2024 06:11:42
- Source security@zyxel.com.tw
- Teams watchlist Login
- Open Login
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.
Data is provided by the National Vulnerability Database (NVD)
Zyxel ≫ Nbg6818 Firmware Version < 1.00\(absc.5\)c0
Zyxel ≫ Nbg7815 Firmware Version < 1.00\(absk.7\)c0
Zyxel ≫ Wsq20 Firmware Version < 1.00\(abof.11\)c0
Zyxel ≫ Wsq50 Firmware Version < 2.20\(abkj.7\)c0
Zyxel ≫ Wsq60 Firmware Version < 2.20\(abnd.8\)c0
Zyxel ≫ Wsr30 Firmware Version < 1.00\(abmy.12\)c0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.07 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| security@zyxel.com.tw | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-260 Password in Configuration File
The product stores a password in a configuration file that might be accessible to actors who do not know the password.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.