Zyxel low-priv account leaked super-admin, FTPS, and TR
Source: Reddit
Published:
<p>This is the longer technical writeup behind CVE-2021-35036. The short CVE summary makes it sound like simple cleartext storage, but the useful part is the access path. A low-privileged Zyxel router session could query DAL handlers like login_privilege and tr69 and receive password-bearing backend