CVE-2021-4471
Description
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.
Is your site exposed to CVE-2021-4471?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2021-4471? +
How do I check if I'm vulnerable to CVE-2021-4471? +
Related Vulnerabilities
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret …
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after …
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that …
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version …
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP …
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, …