PT-2021-6109 · Zyxel · Zyxel Nbg6604

Published

2021-12-29

Updated

2022-01-07

CVE-2021-35034

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Zyxel NBG6604 firmware (affected versions not specified)

Description The issue is related to an insufficient session expiration in the CGI program of the Zyxel NBG6604 firmware. This could allow a remote attacker to access the device if the correct token can be intercepted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

BDU:2022-00847

CVE-2021-35034

Affected Products

Zyxel Nbg6604

PT-2021-6109 · Zyxel · Zyxel Nbg6604

CVE-2021-35034

Weakness Enumeration

Related Identifiers

Affected Products

References · 5