Tg8 Firewall vulnerabilities
2 known vulnerabilities affecting tg8/tg8_firewall.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-4470P2CRITICALCVSS 9.3v02025-11-14
CVE-2021-4470 [CRITICAL] CWE-78 CVE-2021-4470: TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulti
nvd
CVE-2021-4471P3HIGHCVSS 8.7v02025-11-14
CVE-2021-4471 [HIGH] CWE-538 CVE-2021-4471: TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory sto
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized acces
nvd