Vulnerabilities > CVE-2021-35034 - Insufficient Session Expiration vulnerability in Zyxel Nbg6604 Firmware

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

zyxel

CWE-613

NVD

Published: 2021-12-29

Updated: 2022-01-07

Summary

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Nbg6604 Firmware -	1
Hardware	Zyxel Zyxel Nbg6604 -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml