CVE-2021-35031

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Published: Dec 28, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-35031
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.7
AV:A/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
zyxel / gs1900-8_firmware	-	2.70\(aahh.0\)-20211208
zyxel / gs1900-8hp_firmware	-	2.70\(aahi.0\)-20211208
zyxel / gs1900-10hp_firmware	-	2.70\(aazi.0\)-20211208
zyxel / gs1900-16_firmware	-	2.70\(aahj.0\)-20211208
zyxel / gs1900-24e_firmware	-	2.70\(aahk.0\)-20211208
zyxel / gs1900-24ep_firmware	-	2.70\(abto.0\)-20211208
zyxel / gs1900-24_firmware	-	2.70\(aahl.0\)-20211208
zyxel / gs1900-24hp_firmware	-	2.70\(aahm.0\)-20211208
zyxel / gs1900-24hpv2_firmware	-	2.70\(aatp.0\)-20211208
zyxel / gs1900-48_firmware	-	2.70\(aahn.0\)-20211208
zyxel / gs1900-48hp_firmware	-	2.70\(aaho.0\)-20211208
zyxel / gs1900-48hpv2_firmware	-	2.70\(abtq.0\)-20211208
zyxel / xgs1210-12_firmware	-	1.00\(abty.5\)c0
zyxel / xgs1250-12_firmware	-	1.00\(abwe.1\)c0

https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml

Vulnerability Database

289,697

CVE-2021-35031