CVE-2021-35031 : A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 seri

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Published 2021-12-28 11:15:07

Updated 2022-01-07 16:59:51

Source Zyxel Corporation

View at NVD, CVE.org

Products affected by CVE-2021-35031

Zyxel » Gs1900-8 Firmware
Versions before (<) 2.70\(aahh.0\)-20211208
cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-8 » Version: N/A
Zyxel » Gs1900-24 Firmware
Versions before (<) 2.70\(aahl.0\)-20211208
cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24 » Version: N/A
Zyxel » Gs1900-8hp Firmware
Versions before (<) 2.70\(aahi.0\)-20211208
cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-8hp » Version: N/A
Zyxel » Gs1900-10hp Firmware
Versions before (<) 2.70\(aazi.0\)-20211208
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-10hp » Version: N/A
Zyxel » Gs1900-16 Firmware
Versions before (<) 2.70\(aahj.0\)-20211208
cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-16 » Version: N/A
Zyxel » Gs1900-24e Firmware
Versions before (<) 2.70\(aahk.0\)-20211208
cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24e » Version: N/A
Zyxel » Gs1900-24hp Firmware
Versions before (<) 2.70\(aahm.0\)-20211208
cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24hp » Version: N/A
Zyxel » Gs1900-48 Firmware
Versions before (<) 2.70\(aahn.0\)-20211208
cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-48 » Version: N/A
Zyxel » Gs1900-48hp Firmware
Versions before (<) 2.70\(aaho.0\)-20211208
cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-48hp » Version: N/A
Zyxel » Gs1900-24ep Firmware
Versions before (<) 2.70\(abto.0\)-20211208
cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24ep » Version: N/A
Zyxel » Gs1900-24hpv2 Firmware
Versions before (<) 2.70\(aatp.0\)-20211208
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24hpv2 » Version: N/A
Zyxel » Gs1900-48hpv2 Firmware
Versions before (<) 2.70\(abtq.0\)-20211208
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-48hpv2 » Version: N/A
Zyxel » Xgs1210-12 Firmware
Versions before (<) 1.00\(abty.5\)c0
cpe:2.3:o:zyxel:xgs1210-12_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Xgs1210-12 » Version: N/A
Zyxel » Xgs1250-12 Firmware
Versions before (<) 1.00\(abwe.1\)c0
cpe:2.3:o:zyxel:xgs1250-12_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Xgs1250-12 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-35031

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35031

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.7	HIGH	AV:A/AC:L/Au:S/C:C/I:C/A:C	5.1	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.8	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	Zyxel Corporation
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-35031

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- nvd@nist.gov (Primary)
- security@zyxel.com.tw (Secondary)

References for CVE-2021-35031

https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml

Zyxel security advisory for OS command injection vulnerabilities of GS1900, XGS1210, and XGS1250 series switches | Zyxel
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-35031

Products affected by CVE-2021-35031

Exploit prediction scoring system (EPSS) score for CVE-2021-35031

CVSS scores for CVE-2021-35031

CWE ids for CVE-2021-35031

References for CVE-2021-35031