CVE-2021-4471

HIGH

TG8 Firewall - Info Disclosure

Title source: llm

Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

References (3)

[Various Sources] https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/

[Various Sources] https://web.archive.org/web/20211024224240/http://www.tg8security.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure

Scores

CVSS v4 8.7

EPSS 0.0029

EPSS Percentile 51.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-538

Status published

Products (1)

TG8/TG8 Firewall

Published Nov 14, 2025

Tracked Since Feb 18, 2026