CVE-2021-35034
Severity
9.1 CRITICAL
EPSS
0.3%
top 44.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 29
Latest update: Dec 30
Description
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-38gc-w4h9-7pmf (2021-12-30): An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device i
CVEList
CVE-2021-35034 (2021-12-29): An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device i