QwikSec

Security Database

CVE

CWE

Training

CVE-2021-4470

Published: Nov 14, 2025

Modified: Nov 18, 2025

PUBLISHED

Description

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulting in full device compromise.

Vendor	Product	Versions
TG8	TG8 Firewall	affected `0`

Weaknesses (CWE)

References

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/

technical-description

exploit

https://web.archive.org/web/20211024224240/http://www.tg8security.com/

product

https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-rce-via-runphpcmd-php

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.