CVE-2021-35033

HIGH7.8

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user

Published Nov 23, 2021

Modified 1 years ago

Details

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

References

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-35033

WEB

https://www.tenable.com/security/research/tra-2022-06

WEB

https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector