CVE-2021-35036
MEDIUMCVSS 6.5/10EPSS 0.47%
Last modified
CVE-2021-35036 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Ax7501-B0 Firmware | < 5.17\(abpc.2\)c0 |
| Zyxel | Dx3301-T0 Firmware | < 5.50\(abvy.3\)c0 |
| Zyxel | Dx5401-B0 Firmware | < 5.17\(abyo.2\)c0 |
| Zyxel | Emg3525-T50b Firmware | < 5.50\(abpm.7\)c0 |
| Zyxel | Emg5523-T50b Firmware | < 5.50\(abpm.7\)c0 |
| Zyxel | Emg5723-T50k Firmware | < 5.50\(abom.8\)c0 |
| Zyxel | Ep240p Firmware | < 5.40\(abvh.0\)c0a03 |
| Zyxel | Ex5401-B0 Firmware | < 5.17\(abyo.2\)c0 |
| Zyxel | Ex5501-B0 Firmware | < 5.17\(abry.3\)c0 |
| Zyxel | Lte3301-Plus Firmware | < 1.00\(abqu.6\)c0 |
| Zyxel | Lte5388-M804 Firmware | < 1.00\(abra.6\)c0 |
| Zyxel | Lte5388-S905 Firmware | < 1.00\(abvi.6\)c0 |
| Zyxel | Lte5398-M904 Firmware | < 1.00\(abqv.2\)c0 |
| Zyxel | Lte7240-M403 Firmware | < 2.00\(abmg.6\)c0 |
| Zyxel | Lte7461-M602 Firmware | < 2.00\(abqn.6\)c0 |
| Zyxel | Lte7480-M804 Firmware | < 1.00\(abra.6\)c0 |
| Zyxel | Lte7480-S905 Firmware | < 2.00\(abqt.6\)c0 |
| Zyxel | Lte7485-S905 Firmware | < 1.00\(abvn.6\)c0 |
| Zyxel | Lte7490-M804 Firmware | < v1.00\(abqy.5\)c0 |
| Zyxel | Nr5101 Firmware | < 1.00\(abvc.6\)c0 |
| Zyxel | Nr7101 Firmware | < 1.00\(abuv.7\)c0 |
| Zyxel | Nr7102 Firmware | < 1.00\(abyd.2\)c0 |
| Zyxel | Pm7300-T0 Firmware | < 5.42\(acbc.1\)c0 |
| Zyxel | Pmg5317-T20b Firmware | < 5.40\(abki.4\)c0 |
| Zyxel | Pmg5617-T20b2 Firmware | < 5.41\(acbb.1\)c0 |
| Zyxel | Pmg5617ga Firmware | < 5.40\(abna.2\)c0 |
| Zyxel | Pmg5622ga Firmware | < 5.40\(abnb.2\)c0 |
| Zyxel | Vmg3625-T50b Firmware | < 5.50\(abtl.0\)b2r |
| Zyxel | Vmg3927-T50k Firmware | < 5.50\(abom.8\)c0 |
| Zyxel | Vmg8623-T50b Firmware | < 5.50\(abpm.7\)c0 |
| Zyxel | Vmg8825-T50k Firmware | < 5.50\(abom.8\)c0 |
| Zyxel | Vmg3625-T50b Firmware | < 5.50\(accr.0\)b4 |
| Zyxel | Vmg3625-T50b Firmware | < 5.50\(abpm.7\)c0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-35036?
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
How severe is CVE-2021-35036?
CVE-2021-35036 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.
How do I fix CVE-2021-35036?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-35036?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST