Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-35031

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Published

2021-12-28T11:15:07.463

Last Modified

2024-11-21T06:11:42.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

5.1

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-78
  • Type: Primary
    CWE-78
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System zyxel gs1900-8_firmware < 2.70\(aahh.0\)-20211208 Yes
Hardware zyxel gs1900-8 - No
Operating System zyxel gs1900-8hp_firmware < 2.70\(aahi.0\)-20211208 Yes
Hardware zyxel gs1900-8hp - No
Operating System zyxel gs1900-10hp_firmware < 2.70\(aazi.0\)-20211208 Yes
Hardware zyxel gs1900-10hp - No
Operating System zyxel gs1900-16_firmware < 2.70\(aahj.0\)-20211208 Yes
Hardware zyxel gs1900-16 - No
Operating System zyxel gs1900-24e_firmware < 2.70\(aahk.0\)-20211208 Yes
Hardware zyxel gs1900-24e - No
Operating System zyxel gs1900-24ep_firmware < 2.70\(abto.0\)-20211208 Yes
Hardware zyxel gs1900-24ep - No
Operating System zyxel gs1900-24_firmware < 2.70\(aahl.0\)-20211208 Yes
Hardware zyxel gs1900-24 - No
Operating System zyxel gs1900-24hp_firmware < 2.70\(aahm.0\)-20211208 Yes
Hardware zyxel gs1900-24hp - No
Operating System zyxel gs1900-24hpv2_firmware < 2.70\(aatp.0\)-20211208 Yes
Hardware zyxel gs1900-24hpv2 - No
Operating System zyxel gs1900-48_firmware < 2.70\(aahn.0\)-20211208 Yes
Hardware zyxel gs1900-48 - No
Operating System zyxel gs1900-48hp_firmware < 2.70\(aaho.0\)-20211208 Yes
Hardware zyxel gs1900-48hp - No
Operating System zyxel gs1900-48hpv2_firmware < 2.70\(abtq.0\)-20211208 Yes
Hardware zyxel gs1900-48hpv2 - No
Operating System zyxel xgs1210-12_firmware < 1.00\(abty.5\)c0 Yes
Hardware zyxel xgs1210-12 - No
Operating System zyxel xgs1250-12_firmware < 1.00\(abwe.1\)c0 Yes
Hardware zyxel xgs1250-12 - No
References