CVE-2021-35035

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 77.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nbg6604 Firmware Zyxel Nbg6604 Series Firmware

Timeline

PublishedDec 29

Latest updateDec 30

Description

A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDzyxel/nbg6604_firmware< 1.00\(abir.9\)c0

▶CVEListV5zyxel/nbg6604_series_firmware1.00(ABIR.8)C0

🔴Vulnerability Details

GHSA

GHSA-778x-386c-73gw: A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensit↗2021-12-30

▶

CVEList

CVE-2021-35035: A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensit↗2021-12-29

▶