CVE-2021-4471

TG8 Firewall Unauthenticated User Password Disclosure

Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

INFO

Published Date :

2025-11-14T22:50:25.482Z

Last Modified :

2025-11-17T20:44:47.274Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2021-4471 vulnerability.

Vendors	Products
Tg8	Tg8 Firewall
Togrow	Tg8 Firewall

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-4471.

URL	Resource
https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
https://web.archive.org/web/20211024224240/http://www.tg8security.com/
https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability