CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2021-35033
https://notcve.org/view.php?id=CVE-2021-35033
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. Una vulnerabilidad en versiones específicas del firmware de Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60 y WSR30 con administación de contraseñas preconfigurada podría permitir a un atacante obtener acceso root del dispositivo, si el atacante local desmonta el dispositivo y usa un cable USB a UART para conectarlo, o si la funcionalidad remote assistance ha sido habilitada por un usuario autenticado • https://www.tenable.com/security/research/tra-2022-06 https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml • CWE-260: Password in Configuration File CWE-287: Improper Authentication •