CVE-2021-35031

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:xgs1210-12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:xgs1210-12:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:xgs1250-12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:xgs1250-12:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-28 11:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-35031

Mitre link : CVE-2021-35031

CVE.ORG link : CVE-2021-35031


JSON object : View

Products Affected

zyxel

  • gs1900-10hp_firmware
  • gs1900-48hpv2
  • gs1900-24hp_firmware
  • gs1900-8hp_firmware
  • gs1900-24
  • gs1900-24e_firmware
  • gs1900-8hp
  • xgs1250-12_firmware
  • gs1900-24hpv2
  • gs1900-24hpv2_firmware
  • gs1900-16
  • gs1900-16_firmware
  • gs1900-24e
  • xgs1250-12
  • gs1900-24ep_firmware
  • gs1900-48hp_firmware
  • gs1900-48hp
  • gs1900-10hp
  • gs1900-8
  • gs1900-24hp
  • xgs1210-12
  • gs1900-8_firmware
  • gs1900-48_firmware
  • xgs1210-12_firmware
  • gs1900-48
  • gs1900-24ep
  • gs1900-24_firmware
  • gs1900-48hpv2_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')