6.5

CVE-2021-35036

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.

Data is provided by the National Vulnerability Database (NVD)
ZyxelAx7501-b0 Firmware Version < 5.17\(abpc.2\)c0
   ZyxelAx7501-b0 Version-
ZyxelDx3301-t0 Firmware Version < 5.50\(abvy.3\)c0
   ZyxelDx3301-t0 Version-
ZyxelDx5401-b0 Firmware Version < 5.17\(abyo.2\)c0
   ZyxelDx5401-b0 Version-
ZyxelEmg3525-t50b Firmware Version < 5.50\(abpm.7\)c0
   ZyxelEmg3525-t50b Version-
ZyxelEmg5523-t50b Firmware Version < 5.50\(abpm.7\)c0
   ZyxelEmg5523-t50b Version-
ZyxelEmg5723-t50k Firmware Version < 5.50\(abom.8\)c0
   ZyxelEmg5723-t50k Version-
ZyxelEp240p Firmware Version < 5.40\(abvh.0\)c0a03
   ZyxelEp240p Version-
ZyxelEx5401-b0 Firmware Version < 5.17\(abyo.2\)c0
   ZyxelEx5401-b0 Version-
ZyxelEx5501-b0 Firmware Version < 5.17\(abry.3\)c0
   ZyxelEx5501-b0 Version-
ZyxelLte3301-plus Firmware Version < 1.00\(abqu.6\)c0
   ZyxelLte3301-plus Version-
ZyxelLte5388-m804 Firmware Version < 1.00\(abra.6\)c0
   ZyxelLte5388-m804 Version-
ZyxelLte5388-s905 Firmware Version < 1.00\(abvi.6\)c0
   ZyxelLte5388-s905 Version-
ZyxelLte5398-m904 Firmware Version < 1.00\(abqv.2\)c0
   ZyxelLte5398-m904 Version-
ZyxelLte7240-m403 Firmware Version < 2.00\(abmg.6\)c0
   ZyxelLte7240-m403 Version-
ZyxelLte7461-m602 Firmware Version < 2.00\(abqn.6\)c0
   ZyxelLte7461-m602 Version-
ZyxelLte7480-m804 Firmware Version < 1.00\(abra.6\)c0
   ZyxelLte7480-m804 Version-
ZyxelLte7480-s905 Firmware Version < 2.00\(abqt.6\)c0
   ZyxelLte7480-s905 Version-
ZyxelLte7485-s905 Firmware Version < 1.00\(abvn.6\)c0
   ZyxelLte7485-s905 Version-
ZyxelLte7490-m804 Firmware Version < v1.00\(abqy.5\)c0
   ZyxelLte7490-m804 Version-
ZyxelNr5101 Firmware Version < 1.00\(abvc.6\)c0
   ZyxelNr5101 Version-
ZyxelNr7101 Firmware Version < 1.00\(abuv.7\)c0
   ZyxelNr7101 Version-
ZyxelNr7102 Firmware Version < 1.00\(abyd.2\)c0
   ZyxelNr7102 Version-
ZyxelPm7300-t0 Firmware Version < 5.42\(acbc.1\)c0
   ZyxelPm7300-t0 Version-
ZyxelPmg5317-t20b Firmware Version < 5.40\(abki.4\)c0
   ZyxelPmg5317-t20b Version-
ZyxelPmg5617-t20b2 Firmware Version < 5.41\(acbb.1\)c0
   ZyxelPmg5617-t20b2 Version-
ZyxelPmg5617ga Firmware Version < 5.40\(abna.2\)c0
   ZyxelPmg5617ga Version-
ZyxelPmg5622ga Firmware Version < 5.40\(abnb.2\)c0
   ZyxelPmg5622ga Version-
ZyxelVmg3625-t50b Firmware Version < 5.50\(abtl.0\)b2r
   ZyxelVmg3625-t50b Version-
ZyxelVmg3927-t50k Firmware Version < 5.50\(abom.8\)c0
   ZyxelVmg3927-t50k Version-
ZyxelVmg8623-t50b Firmware Version < 5.50\(abpm.7\)c0
   ZyxelVmg8623-t50b Version-
ZyxelVmg8825-t50k Firmware Version < 5.50\(abom.8\)c0
   ZyxelVmg8825-t50k Version-
ZyxelVmg3625-t50b Firmware SwEditioncentral_america Version < 5.50\(accr.0\)b4
   ZyxelVmg3625-t50b Version-
ZyxelVmg3625-t50b Firmware SwEditionemea Version < 5.50\(abpm.7\)c0
   ZyxelVmg3625-t50b Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.19% 0.413
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
security@zyxel.com.tw 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.