
Zyxel Router Vulnerability Leaks Sensitive Data
Zyxel, Router, Vulnerability, CVE-2021-35036, FTPS, TR-069, Cybersecurity, Password Generation, QEMU, LD_PRELOAD
A low-privileged Zyxel router session could query specific handlers (e.g., login_privilege and tr69) and receive responses containing sensitive data, including higher-privilege account credentials, FTPS passwords, and TR-069 management secrets. The vulnerability, tracked as CVE-2021-35036, was initially reported for the VMG3625-T50B model, but its affected scope was later expanded to broader product lines, including CPE, ONT, LTE, and 5G devices. The post also details the password-generation mechanisms, examined with techniques such as QEMU runtime analysis and LD_PRELOAD hooks.