CVE-2021-27328

MEDIUM

Yeastar NeoGate TG400 <91.3.0.3 - Path Traversal

Title source: llm

Description

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.

Exploits (1)

nomisec WORKING POC

by SQSamir · poc

https://github.com/SQSamir/CVE-2021-27328

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://yeastar.com

Exploit, Third Party Advisory x_refsource_misc

https://github.com/SQSamir/CVE-2021-27328

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/161560/Yeastar-TG400-GSM-Gateway-91.3.0.3-Path-Traversal.html

Scores

CVSS v3 6.5

EPSS 0.3892

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

yeastar/neogate_tg400_firmware 91.3.0.3

Published Feb 19, 2021

Tracked Since Feb 18, 2026