← Back

CVE-2021-35031

nvd nist
Published: Dec 28, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Affected (14)

Zyxel
14 products
Gs1900 8 Firmware
Gs1900 8hp Firmware
Gs1900 10hp Firmware
Gs1900 16 Firmware
Gs1900 24e Firmware
Gs1900 24ep Firmware
Gs1900 24 Firmware
Gs1900 24hp Firmware
Gs1900 24hpv2 Firmware
Gs1900 48 Firmware
Gs1900 48hp Firmware
Gs1900 48hpv2 Firmware
Xgs1210 12 Firmware
Xgs1250 12 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 8 Firmware
Before 2.70\(aahh.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 8
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 8hp Firmware
Before 2.70\(aahi.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 8hp
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 10hp Firmware
Before 2.70\(aazi.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 10hp
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 16 Firmware
Before 2.70\(aahj.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 16
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 24e Firmware
Before 2.70\(aahk.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 24e
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 24ep Firmware
Before 2.70\(abto.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 24ep
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 24 Firmware
Before 2.70\(aahl.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 24
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 24hp Firmware
Before 2.70\(aahm.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 24hp
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 24hpv2 Firmware
Before 2.70\(aatp.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 24hpv2
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 48 Firmware
Before 2.70\(aahn.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 48
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 48hp Firmware
Before 2.70\(aaho.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 48hp
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs1900 48hpv2 Firmware
Before 2.70\(abtq.0\)-20211208
Running on/withPlatform Versions
Zyxel
Gs1900 48hpv2
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xgs1210 12 Firmware
Before 1.00\(abty.5\)c0
Running on/withPlatform Versions
Zyxel
Xgs1210 12
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xgs1250 12 Firmware
Before 1.00\(abwe.1\)c0
Running on/withPlatform Versions
Zyxel
Xgs1250 12
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: security@zyxel.com.tw
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.