Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-35036

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.5, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 62 products from zyxel, from zyxel, from zyxel and 59 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-03-01T07:15:06.917

Last Modified

2024-11-21T06:11:43.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-312
Type: Primary
CWE-312

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	ax7501-b0_firmware	< 5.17\(abpc.2\)c0	Yes
Hardware	zyxel	ax7501-b0	-	No
Operating System	zyxel	dx3301-t0_firmware	< 5.50\(abvy.3\)c0	Yes
Hardware	zyxel	dx3301-t0	-	No
Operating System	zyxel	dx5401-b0_firmware	< 5.17\(abyo.2\)c0	Yes
Hardware	zyxel	dx5401-b0	-	No
Operating System	zyxel	emg3525-t50b_firmware	< 5.50\(abpm.7\)c0	Yes
Hardware	zyxel	emg3525-t50b	-	No
Operating System	zyxel	emg5523-t50b_firmware	< 5.50\(abpm.7\)c0	Yes
Hardware	zyxel	emg5523-t50b	-	No
Operating System	zyxel	emg5723-t50k_firmware	< 5.50\(abom.8\)c0	Yes
Hardware	zyxel	emg5723-t50k	-	No
Operating System	zyxel	ep240p_firmware	< 5.40\(abvh.0\)c0a03	Yes
Hardware	zyxel	ep240p	-	No
Operating System	zyxel	ex5401-b0_firmware	< 5.17\(abyo.2\)c0	Yes
Hardware	zyxel	ex5401-b0	-	No
Operating System	zyxel	ex5501-b0_firmware	< 5.17\(abry.3\)c0	Yes
Hardware	zyxel	ex5501-b0	-	No
Operating System	zyxel	lte3301-plus_firmware	< 1.00\(abqu.6\)c0	Yes
Hardware	zyxel	lte3301-plus	-	No
Operating System	zyxel	lte5388-m804_firmware	< 1.00\(abra.6\)c0	Yes
Hardware	zyxel	lte5388-m804	-	No
Operating System	zyxel	lte5388-s905_firmware	< 1.00\(abvi.6\)c0	Yes
Hardware	zyxel	lte5388-s905	-	No
Operating System	zyxel	lte5398-m904_firmware	< 1.00\(abqv.2\)c0	Yes
Hardware	zyxel	lte5398-m904	-	No
Operating System	zyxel	lte7240-m403_firmware	< 2.00\(abmg.6\)c0	Yes
Hardware	zyxel	lte7240-m403	-	No
Operating System	zyxel	lte7461-m602_firmware	< 2.00\(abqn.6\)c0	Yes
Hardware	zyxel	lte7461-m602	-	No
Operating System	zyxel	lte7480-m804_firmware	< 1.00\(abra.6\)c0	Yes
Hardware	zyxel	lte7480-m804	-	No
Operating System	zyxel	lte7480-s905_firmware	< 2.00\(abqt.6\)c0	Yes
Hardware	zyxel	lte7480-s905	-	No
Operating System	zyxel	lte7485-s905_firmware	< 1.00\(abvn.6\)c0	Yes
Hardware	zyxel	lte7485-s905	-	No
Operating System	zyxel	lte7490-m804_firmware	< v1.00\(abqy.5\)c0	Yes
Hardware	zyxel	lte7490-m804	-	No
Operating System	zyxel	nr5101_firmware	< 1.00\(abvc.6\)c0	Yes
Hardware	zyxel	nr5101	-	No
Operating System	zyxel	nr7101_firmware	< 1.00\(abuv.7\)c0	Yes
Hardware	zyxel	nr7101	-	No
Operating System	zyxel	nr7102_firmware	< 1.00\(abyd.2\)c0	Yes
Hardware	zyxel	nr7102	-	No
Operating System	zyxel	pm7300-t0_firmware	< 5.42\(acbc.1\)c0	Yes
Hardware	zyxel	pm7300-t0	-	No
Operating System	zyxel	pmg5317-t20b_firmware	< 5.40\(abki.4\)c0	Yes
Hardware	zyxel	pmg5317-t20b	-	No
Operating System	zyxel	pmg5617-t20b2_firmware	< 5.41\(acbb.1\)c0	Yes
Hardware	zyxel	pmg5617-t20b2	-	No
Operating System	zyxel	pmg5617ga_firmware	< 5.40\(abna.2\)c0	Yes
Hardware	zyxel	pmg5617ga	-	No
Operating System	zyxel	pmg5622ga_firmware	< 5.40\(abnb.2\)c0	Yes
Hardware	zyxel	pmg5622ga	-	No
Operating System	zyxel	vmg3625-t50b_firmware	< 5.50\(abtl.0\)b2r	Yes
Hardware	zyxel	vmg3625-t50b	-	No
Operating System	zyxel	vmg3927-t50k_firmware	< 5.50\(abom.8\)c0	Yes
Hardware	zyxel	vmg3927-t50k	-	No
Operating System	zyxel	vmg8623-t50b_firmware	< 5.50\(abpm.7\)c0	Yes
Hardware	zyxel	vmg8623-t50b	-	No
Operating System	zyxel	vmg8825-t50k_firmware	< 5.50\(abom.8\)c0	Yes
Hardware	zyxel	vmg8825-t50k	-	No
Operating System	zyxel	vmg3625-t50b_firmware	< 5.50\(accr.0\)b4	Yes
Hardware	zyxel	vmg3625-t50b	-	No
Operating System	zyxel	vmg3625-t50b_firmware	< 5.50\(abpm.7\)c0	Yes
Hardware	zyxel	vmg3625-t50b	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability Vendor Advisory ([email protected])
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For zyxel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.