Vulnerability Details CVE-2021-35033
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
- https://www.tenable.com/security/research/tra-2022-06
- https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml
- https://www.tenable.com/security/research/tra-2022-06
- https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml
Products affected by CVE-2021-35033
-
cpe:2.3:h:zyxel:nbg6818:-
-
cpe:2.3:h:zyxel:nbg7815:-
-
cpe:2.3:h:zyxel:wsq20:-
-
cpe:2.3:h:zyxel:wsq50:-
-
cpe:2.3:h:zyxel:wsq60:-
-
cpe:2.3:h:zyxel:wsr30:-
-
cpe:2.3:o:zyxel:nbg6818_firmware:-
-
cpe:2.3:o:zyxel:nbg7815_firmware:-
-
cpe:2.3:o:zyxel:wsq20_firmware:-
-
cpe:2.3:o:zyxel:wsq50_firmware:-
-
cpe:2.3:o:zyxel:wsq60_firmware:-
-
cpe:2.3:o:zyxel:wsr30_firmware:-