CVE-2021-4471

CVE-2021-4471 is a high-severity vulnerability with a CVSS 4.0 base score of 8.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-538.

Key facts

Description

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.

Frequently asked questions

What is CVE-2021-4471?
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.
How severe is CVE-2021-4471?
CVE-2021-4471 has a CVSS 4.0 base score of 8.7, rated high severity.
Is CVE-2021-4471 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (44th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2021-4471?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2021-4471 have an EU (EUVD) identifier?
Yes. CVE-2021-4471 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2021-34722.
When was CVE-2021-4471 published?
CVE-2021-4471 was published on 2025-11-14 and last updated on 2026-06-17.

References

Other CWE-538 vulnerabilities

Browse all CWE-538 vulnerabilities →