How severe is CVE-2021-4471?

The severity of CVE-2021-4471 has not been assessed with CVSS v3.

CVE-2021-4471

NONE

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate

Published: 11/14/2025Updated: 11/18/2025

Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

AI AnalysisPowered by AI

References

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
https://web.archive.org/web/20211024224240/http://www.tg8security.com/
https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure
https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/