Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-35033 |
CWE-ID | CWE-255 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, WSR30 (Hardware solutions / Firmware) |
Vendor | ZyXEL Communications Corp. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU58335
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35033
CWE-ID: CWE-255 - Credentials Management
Exploit availability: No
Description
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper password management. A local user can take the device, dismantle it, connect to it using a USB-to-UART cable and gain root access.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
NBG6818: before 1.00(ABSC.5)C0
NBG7815: before 1.00(ABSK.7)C0
WSQ20: before 1.00(ABOF.11)C0
WSQ50: before 2.20(ABKJ.7)C0
WSQ60: before 2.20(ABND.8)C0
WSR30: before 1.00(ABMY.12)C0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.