Insufficient Session Expiration in Zyxel NBG6604 Firmware
CVE-2021-35034

7.4HIGH

Key Information:

Vendor: Zyxel
Status: Nbg6604 Series Firmware
Vendor: CVE Published:; 29 December 2021

Summary

The Zyxel NBG6604 firmware contains an insufficient session expiration vulnerability in its CGI program, allowing a potential remote attacker to gain unauthorized access if they successfully intercept a valid session token. This vulnerability underscores the importance of robust session management practices to protect sensitive information and prevent unauthorized access.

Affected Version(s)

NBG6604 series firmware 1.00(ABIR.8)C0

References

https://www.zyxel.com/support/Zyxel_security_advisory_for...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2021
Vulnerability Reserved
Jun 17, 2021