CVE-2021-4470 - TG8 Firewall Unauthenticated RCE via runphpcmd.php

CVE ID : CVE-2021-4470 Published : 14 Nov 2025, 11:15 p.m. | 1 hour, 16 minutes ago Description : TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulting in full device compromise. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...