CVE-2021-35033

HIGH7.8

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user

Published Nov 23, 2021

Modified 1 years ago

No fix available

Details

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

References

ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2021-35033 WEBhttps://www.tenable.com/security/research/tra-2022-06 WEBhttps://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-260

Ecosystems

Timeline

PublishedNov 23, 2021

ModifiedAug 4, 2024