Information disclosure in Tg8 Firewall
CVE-2021-4471
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the director…
EPSS: 0.006 (43.3th percentile) — read the EPSS interpretation.
Affected products
- Tg8 Firewall — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)