Information disclosure in Tg8 Firewall

CVE-2021-4471

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the director…

EPSS: 0.006 (43.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References