CVE-2021-4471 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remot…
High CVSS: 8.7

CVE-2021-4471

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.
Vendor
-
Product
-
CWE
CWE-538
Yayın Tarihi
2025-11-14 23:15:43
Güncelleme
2025-11-18 14:06:55
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-538 HIGH 2025

Referanslar

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/ https://web.archive.org/web/20211024224240/http://www.tg8security.com/ https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/