CVE-2021-4471 HIGH

CVE-2021-4471: TG8 Firewall Unauthenticated User Password Disclosure

Vendor Tg8
Product TG8 Firewall
Weakness CWE-538
Published November 14, 2025
Last update November 17, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

Key dates

02Disclosure timeline

November 14, 2025 CVE published
November 17, 2025 Record updated