CVE-2021-35033

Summary

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

Affected Software

VendorProductVersion RangeStatus
ZyxelNBG6818 series firmware1.00(ABSC.0)C0 through 1.00(ABSC.4)C0affected
ZyxelNBG7815 series firmware1.00(ABSK.0)C0 through 1.00(ABSK.6)C0affected
ZyxelWSQ20 series firmware1.00(ABOF.0)C0 through 1.00(ABOF.10)C0affected
ZyxelWSQ50 series firmware1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0affected
ZyxelWSQ60 series firmware1.00(ABND.0)C0 through 2.20(ABND.7)C0affected
ZyxelWSR30 series firmware1.00(ABMY.0)C0 through 1.00(ABMY.11)C0affected

Weaknesses

  • CWE-260: CWE-260: Password in Configuration File

ADP Enrichment

CVE Program Container

Additional References

References