Cleartext Storage Vulnerability in Zyxel NBG6604 Firmware
CVE-2021-35035

4.9MEDIUM

Key Information:

Vendor: Zyxel
Status: Nbg6604 Series Firmware
Vendor: CVE Published:; 29 December 2021

What is CVE-2021-35035?

A vulnerability exists in the Zyxel NBG6604 firmware that allows remote, authenticated attackers to access sensitive information stored in the configuration file in cleartext. This flaw could be exploited to compromise the security of the network and expose confidential data. It is crucial for users of the Zyxel NBG6604 router to review their firmware for updates and apply necessary security patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

NBG6604 series firmware 1.00(ABIR.8)C0

References

https://www.zyxel.com/support/Zyxel_security_advisory_for...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2021
Vulnerability Reserved
Jun 17, 2021