CVE-2021-35036

CWE-312 — Cleartext Storage of Sensitive Info5 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 64.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Ax7501-b0 Firmware Zyxel Dx3301-t0 Firmware Zyxel Dx5401-b0 Firmware +28 more

Timeline

PublishedMar 1

Latest updateMar 2

Description

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages32 packages

▶NVDzyxel/vmg3625-t50b_firmware< 5.50\(abtl.0\)b2r+2

▶CVEListV5zyxel/vmg3625-t50b_firmwareV5.50(ABTL.0)b2k

▶NVDzyxel/emg3525-t50b_firmware< 5.50\(abpm.7\)c0

▶NVDzyxel/emg5523-t50b_firmware< 5.50\(abpm.7\)c0

▶NVDzyxel/vmg8623-t50b_firmware< 5.50\(abpm.7\)c0

🔴Vulnerability Details

GHSA

GHSA-pp3g-h9w2-v7g4: A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on t↗2022-03-02

▶

CVEList

CVE-2021-35036: A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5↗2022-03-01

▶