TG8 Firewall Unauthenticated RCE via runphpcmd.php
CVE-2021-4470

9.3CRITICAL

Key Information:

Vendor: Tg8
Status: Tg8 Firewall
Vendor: CVE Published:; 14 November 2025

Badges

👾 Exploit Exists

What is CVE-2021-4470?

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulting in full device compromise.

Affected Version(s)

TG8 Firewall 0

References

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-prea...

technical-descriptionexploit

https://web.archive.org/web/20211024224240/http://www.tg8...

product

https://www.vulncheck.com/advisories/tg8-firewall-unauthe...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 14, 2025
👾
Exploit known to exist
Nov 14, 2025
Vulnerability published
Nov 14, 2025
Vulnerability Reserved
Nov 14, 2025

Credit

SSD Secure Disclosure

JSON

Tg8

Badges

What is CVE-2021-4470?

Affected Version(s)

References

CVSS V4

Timeline

Credit