CVE-2021-35033

CVSS 7.8 HIGHEPSS 0.4%CWE-260

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

Zyxel · NBG6818 series firmware Zyxel · NBG7815 series firmware Zyxel · WSQ20 series firmware Zyxel · WSQ50 series firmware Zyxel · WSQ60 series firmware Zyxel · WSR30 series firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.tenable.com/security/research/tra-2022-06 https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml