CVE-2021-35033 Information

Description

A vulnerability in specific versions of Zyxel NBG6818 NBG7815 WSQ20 WSQ50 WSQ60 and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device or if the remote assistance feature had been enabled by an authenticated user.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml https://www.tenable.com/security/research/tra-2022-06

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8