CVE-2021-35033

Published: Nov 23, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

Vendor	Product	Versions
Zyxel	NBG6818 series firmware	affected `1.00(ABSC.0)C0 through 1.00(ABSC.4)C0`
Zyxel	NBG7815 series firmware	affected `1.00(ABSK.0)C0 through 1.00(ABSK.6)C0`
Zyxel	WSQ20 series firmware	affected `1.00(ABOF.0)C0 through 1.00(ABOF.10)C0`
Zyxel	WSQ50 series firmware	affected `1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0`
Zyxel	WSQ60 series firmware	affected `1.00(ABND.0)C0 through 2.20(ABND.7)C0`
Zyxel	WSR30 series firmware	affected `1.00(ABMY.0)C0 through 1.00(ABMY.11)C0`

Weaknesses (CWE)

CWE-260

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml

x_refsource_CONFIRM

https://www.tenable.com/security/research/tra-2022-06

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-35033

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References