Vulnerabilities > CVE-2021-35034 - Insufficient Session Expiration vulnerability in Zyxel Nbg6604 Firmware

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

zyxel

CWE-613

critical

NVD

Published: 2021-12-29

Updated: 2022-01-07

Summary

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Nbg6604 Firmware -	1
Hardware	Zyxel Zyxel Nbg6604 -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml