CVE-2021-35034

Critical

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access…

Zyxel·CWE-613·Published 2021-12-29

CVSS

9.1

EPSS

0.01

KEV

Exploits

cve.orgen

189 chars

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

NVDen

189 chars

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

Una vulnerabilidad de caducidad de sesión insuficiente en el programa CGI del firmware Zyxel NBG6604 podría permitir a un atacante remoto acceder al dispositivo si es posible interceptar el token correcto

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Secondary	NVD	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N