CVE-2021-4471

N/A Unknown
Published: November 14, 2025 Modified: November 18, 2025
View on NVD

Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
Source: disclosure@vulncheck.com
https://web.archive.org/web/20211024224240/http://www.tg8security.com/
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure
Source: disclosure@vulncheck.com
https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
57th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-538

Related CVEs

CVE-2026-0824 3.5
CVE-2026-0822 6.3
CVE-2025-13393 4.3
CVE-2025-12379 6.4
CVE-2026-0821 7.3