How severe is CVE-2021-4471?

The severity of CVE-2021-4471 has not been assessed with CVSS v3.

CVE-2021-4471

NONE

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate

Publicado: 11/14/2025Actualizado: 11/18/2025

Descripción

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

Análisis IAImpulsado por IA

Referencias

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
https://web.archive.org/web/20211024224240/http://www.tg8security.com/
https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure
https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/