TG8 Firewall Unauthenticated User Password Disclosure
CVE-2021-4471

8.7HIGH

Key Information:

Vendor: Tg8
Status: Tg8 Firewall
Vendor: CVE Published:; 14 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-4471?

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

Affected Version(s)

TG8 Firewall 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-4471 - Proof of Concept

References

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-prea...

technical-descriptionexploit

https://web.archive.org/web/20211024224240/http://www.tg8...

product

https://www.vulncheck.com/advisories/tg8-firewall-unauthe...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 14, 2025
👾
Exploit known to exist
Nov 14, 2025
Vulnerability published
Nov 14, 2025
Vulnerability Reserved
Nov 14, 2025

Credit

SSD Secure Disclosure

JSON

Tg8

Badges

What is CVE-2021-4471?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit