Nbg6604 Firmware
CVE-2021-35035
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
AnalysisAI
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-312. A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. Affected products include: Zyxel Nbg6604 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Nbg6604 Firmware
View allAn insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote a
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)
The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allo
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today