CVE-2021-35036

MEDIUM

Zyxel VMG3625-T50B <V5.50(ABTL.0)b2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-35036. PoCs published by minanagehsalalma.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-35036, which leaks the super admin password of Zyxel VMG8825-B50B routers by generating passwords from the device's serial number. It includes a QEMU-based emulation environment and scripts to calculate passwords using extracted Zyxel firmware libraries.

Description

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.

Exploits (1)

nomisec WORKING POC

by minanagehsalalma · poc

https://github.com/minanagehsalalma/zyxel-cve-2021-35036-super-admin-password-leak

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-35036, which leaks the super admin password of Zyxel VMG8825-B50B routers by generating passwords from the device's serial number. It includes a QEMU-based emulation environment and scripts to calculate passwords using extracted Zyxel firmware libraries.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Zyxel VMG8825-B50B firmware

No auth needed

Prerequisites: device serial number · QEMU for emulation

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 21, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability

Scores

CVSS v3 6.5

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-312

Status published

Products (33)

zyxel/ax7501-b0_firmware < 5.17\(abpc.2\)c0

zyxel/dx3301-t0_firmware < 5.50\(abvy.3\)c0

zyxel/dx5401-b0_firmware < 5.17\(abyo.2\)c0

zyxel/emg3525-t50b_firmware < 5.50\(abpm.7\)c0

zyxel/emg5523-t50b_firmware < 5.50\(abpm.7\)c0

zyxel/emg5723-t50k_firmware < 5.50\(abom.8\)c0

zyxel/ep240p_firmware < 5.40\(abvh.0\)c0a03

zyxel/ex5401-b0_firmware < 5.17\(abyo.2\)c0

zyxel/ex5501-b0_firmware < 5.17\(abry.3\)c0

zyxel/lte3301-plus_firmware < 1.00\(abqu.6\)c0

... and 23 more

Published Mar 01, 2022

Tracked Since Feb 18, 2026