CVE-2021-35036

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.5 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:lte5388-m804_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:lte5388-s905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte5388-s905:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:lte5398-m904_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:lte7240-m403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7240-m403:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:lte7461-m602_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7461-m602:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:zyxel:lte7480-s905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7480-s905:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:zyxel:lte7485-s905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7485-s905:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:zyxel:lte7490-m804_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7490-m804:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:central_america:*:*:*

cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:emea:*:*:*

cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

History

30 Sep 2022, 18:34

Type	Values Removed	Values Added
First Time		Zyxel ex5501-b0 Firmware Zyxel nr7101 Firmware Zyxel pm7300-t0 Firmware Zyxel dx5401-b0 Firmware Zyxel pmg5617ga Firmware Zyxel lte5388-s905 Firmware Zyxel nr7102 Zyxel lte7480-m804 Zyxel vmg8623-t50b Zyxel pmg5622ga Zyxel lte7480-m804 Firmware Zyxel dx3301-t0 Firmware Zyxel ex5401-b0 Firmware Zyxel lte7240-m403 Zyxel vmg8825-t50k Zyxel dx5401-b0 Zyxel emg3525-t50b Zyxel lte5388-s905 Zyxel nr5101 Firmware Zyxel pmg5617-t20b2 Zyxel emg5723-t50k Firmware Zyxel lte3301-plus Firmware Zyxel nr7102 Firmware Zyxel pmg5622ga Firmware Zyxel pmg5617ga Zyxel ax7501-b0 Zyxel pmg5317-t20b Zyxel lte5388-m804 Zyxel pmg5317-t20b Firmware Zyxel nr7101 Zyxel lte7461-m602 Zyxel emg5723-t50k Zyxel lte3301-plus Zyxel pm7300-t0 Zyxel lte7490-m804 Zyxel ep240p Firmware Zyxel vmg8825-t50k Firmware Zyxel emg3525-t50b Firmware Zyxel ex5401-b0 Zyxel lte7461-m602 Firmware Zyxel lte7480-s905 Firmware Zyxel lte7490-m804 Firmware Zyxel Zyxel ax7501-b0 Firmware Zyxel lte7480-s905 Zyxel vmg8623-t50b Firmware Zyxel emg5523-t50b Zyxel ex5501-b0 Zyxel nr5101 Zyxel vmg3927-t50k Zyxel lte5398-m904 Zyxel pmg5617-t20b2 Firmware Zyxel emg5523-t50b Firmware Zyxel lte5398-m904 Firmware Zyxel vmg3625-t50b Zyxel lte7485-s905 Firmware Zyxel lte7240-m403 Firmware Zyxel vmg3625-t50b Firmware Zyxel lte5388-m804 Firmware Zyxel dx3301-t0 Zyxel ep240p Zyxel vmg3927-t50k Firmware Zyxel lte7485-s905
CWE		CWE-312
CPE		cpe:2.3:o:zyxel:emg5523-t50b_firmware:::::::: cpe:2.3:h:zyxel:ex5401-b0:-:::::::* cpe:2.3:h:zyxel:ex5501-b0:-:::::::* cpe:2.3:o:zyxel:nr7102_firmware:::::::: cpe:2.3:h:zyxel:pmg5622ga:-:::::::* cpe:2.3:h:zyxel:ax7501-b0:-:::::::* cpe:2.3:o:zyxel:ax7501-b0_firmware:::::::: cpe:2.3:o:zyxel:dx5401-b0_firmware:::::::: cpe:2.3:o:zyxel:emg5723-t50k_firmware:::::::: cpe:2.3:h:zyxel:vmg3625-t50b:-:::::::* cpe:2.3:o:zyxel:lte7461-m602_firmware:::::::: cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:::::::: cpe:2.3:o:zyxel:pmg5617ga_firmware:::::::: cpe:2.3:o:zyxel:nr5101_firmware:::::::: cpe:2.3:o:zyxel:lte7480-s905_firmware:::::::: cpe:2.3:h:zyxel:lte7490-m804:-:::::::* cpe:2.3:o:zyxel:nr7101_firmware:::::::: cpe:2.3:h:zyxel:lte5398-m904:-:::::::* cpe:2.3:o:zyxel:vmg3625-t50b_firmware:::::::: cpe:2.3:o:zyxel:lte5388-m804_firmware:::::::: cpe:2.3:h:zyxel:nr7101:-:::::::* cpe:2.3:h:zyxel:pmg5617ga:-:::::::* cpe:2.3:h:zyxel:emg3525-t50b:-:::::::* cpe:2.3:o:zyxel:ex5501-b0_firmware:::::::: cpe:2.3:o:zyxel:lte7485-s905_firmware:::::::: cpe:2.3:h:zyxel:lte7480-m804:-:::::::* cpe:2.3:h:zyxel:vmg8825-t50k:-:::::::* cpe:2.3:o:zyxel:vmg3625-t50b_firmware:::::emea:::* cpe:2.3:h:zyxel:emg5723-t50k:-:::::::* cpe:2.3:o:zyxel:lte7240-m403_firmware:::::::: cpe:2.3:h:zyxel:vmg8623-t50b:-:::::::* cpe:2.3:h:zyxel:pmg5617-t20b2:-:::::::* cpe:2.3:h:zyxel:vmg3927-t50k:-:::::::* cpe:2.3:h:zyxel:nr5101:-:::::::* cpe:2.3:h:zyxel:nr7102:-:::::::* cpe:2.3:h:zyxel:lte7485-s905:-:::::::* cpe:2.3:h:zyxel:dx5401-b0:-:::::::* cpe:2.3:h:zyxel:lte7480-s905:-:::::::* cpe:2.3:o:zyxel:vmg3625-t50b_firmware:::::central_america:::* cpe:2.3:h:zyxel:dx3301-t0:-:::::::* cpe:2.3:o:zyxel:vmg8623-t50b_firmware:::::::: cpe:2.3:o:zyxel:lte5388-s905_firmware:::::::: cpe:2.3:h:zyxel:ep240p:-:::::::* cpe:2.3:o:zyxel:ep240p_firmware:::::::: cpe:2.3:o:zyxel:ex5401-b0_firmware:::::::: cpe:2.3:o:zyxel:lte7490-m804_firmware:::::::: cpe:2.3:h:zyxel:pmg5317-t20b:-:::::::* cpe:2.3:h:zyxel:lte7240-m403:-:::::::* cpe:2.3:o:zyxel:lte5398-m904_firmware:::::::: cpe:2.3:o:zyxel:vmg3927-t50k_firmware:::::::: cpe:2.3:o:zyxel:lte3301-plus_firmware:::::::: cpe:2.3:o:zyxel:dx3301-t0_firmware:::::::: cpe:2.3:o:zyxel:pm7300-t0_firmware:::::::: cpe:2.3:o:zyxel:lte7480-m804_firmware:::::::: cpe:2.3:o:zyxel:emg3525-t50b_firmware:::::::: cpe:2.3:o:zyxel:vmg8825-t50k_firmware:::::::: cpe:2.3:o:zyxel:pmg5317-t20b_firmware:::::::: cpe:2.3:h:zyxel:lte5388-m804:-:::::::* cpe:2.3:h:zyxel:lte7461-m602:-:::::::* cpe:2.3:h:zyxel:emg5523-t50b:-:::::::* cpe:2.3:h:zyxel:lte5388-s905:-:::::::* cpe:2.3:h:zyxel:pm7300-t0:-:::::::* cpe:2.3:o:zyxel:pmg5622ga_firmware:::::::: cpe:2.3:h:zyxel:lte3301-plus:-:::::::*
References	~~(CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability -~~	(CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.5 v3 : 6.5

27 Sep 2022, 23:15

Type	Values Removed	Values Added
Summary	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.	A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
References		(CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability -

02 Mar 2022, 16:15

Type	Values Removed	Values Added
Summary	~~A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.~~	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.
References	{'url': 'https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml', 'name': 'https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml', 'tags': [], 'refsource': 'CONFIRM'}

01 Mar 2022, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-01 07:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-35036

Mitre link : CVE-2021-35036

CVE.ORG link : CVE-2021-35036

JSON object : View

Products Affected

zyxel

lte3301-plus
nr7101
pmg5317-t20b_firmware
ex5501-b0
dx3301-t0
lte7480-s905_firmware
dx3301-t0_firmware
pmg5617-t20b2
ax7501-b0_firmware
ex5401-b0_firmware
lte7490-m804_firmware
ep240p_firmware
pmg5622ga_firmware
lte5388-s905_firmware
ep240p
lte5398-m904
nr7102_firmware
pmg5617-t20b2_firmware
vmg8623-t50b_firmware
vmg3927-t50k
ex5501-b0_firmware
pm7300-t0
lte7480-m804_firmware
lte5388-s905
dx5401-b0_firmware
vmg3625-t50b
emg5723-t50k_firmware
emg5723-t50k
lte7480-m804
lte7485-s905_firmware
pmg5622ga
vmg3625-t50b_firmware
lte7240-m403_firmware
ex5401-b0
lte7490-m804
pmg5617ga_firmware
lte7480-s905
vmg8623-t50b
lte7461-m602
pmg5617ga
vmg3927-t50k_firmware
lte7240-m403
lte3301-plus_firmware
lte5388-m804
emg3525-t50b
emg3525-t50b_firmware
lte7485-s905
ax7501-b0
nr5101_firmware
lte5388-m804_firmware
nr5101
nr7101_firmware
vmg8825-t50k_firmware
emg5523-t50b
lte5398-m904_firmware
dx5401-b0
nr7102
pm7300-t0_firmware
emg5523-t50b_firmware
vmg8825-t50k
lte7461-m602_firmware
pmg5317-t20b

CWE

CWE-312

Cleartext Storage of Sensitive Information

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-35036

6.5^/10

3.5^/10

Attach tags to `CVE-2021-35036`