CVE-2021-4471

TG8 Firewall - Info Disclosure

Title source: llm

Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

References (3)

[Various Sources] https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/

[Various Sources] https://web.archive.org/web/20211024224240/http://www.tg8security.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure

Scores

EPSS 0.0037

EPSS Percentile 58.7%

Classification

CWE

CWE-538

Status draft

Timeline

Published Nov 14, 2025

Tracked Since Feb 18, 2026