Vulnerability Database

310,450

Total vulnerabilities in the database

CVE-2021-4471

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

Published: Nov 14, 2025
Updated: Nov 16, 2025
CVE: CVE-2021-4471
Exploit:

No technical information available.

CWEs:

CWE-538

Affected Software
References

No affected software listed.

https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
https://web.archive.org/web/20211024224240/http://www.tg8security.com/
https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo