FKIE_CVE-2021-35031
Vulnerability from fkie_nvd - Published: 2021-12-28 11:15 - Updated: 2024-11-21 06:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8E2361-4094-4EF4-ABD1-2AA7F6306F17",
"versionEndExcluding": "2.70\\(aahh.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B977BC02-1C92-4A11-B63B-08D521257313",
"versionEndExcluding": "2.70\\(aahi.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0426305E-B895-4F3F-BBFD-B67532B23D45",
"versionEndExcluding": "2.70\\(aazi.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC06507-70AD-4518-A206-51DCF3A372EC",
"versionEndExcluding": "2.70\\(aahj.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FA189B-1FCD-4A54-8867-8F640EA6E23D",
"versionEndExcluding": "2.70\\(aahk.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6A17B4-4E5A-4B59-8D4E-34D3D4E474FD",
"versionEndExcluding": "2.70\\(abto.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCE590C-002A-4DAA-84AB-23B976F0F510",
"versionEndExcluding": "2.70\\(aahl.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A54568EB-94F3-4817-BD25-C5F52ED1B9AB",
"versionEndExcluding": "2.70\\(aahm.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A11824-D68D-41F0-BA0B-69C6CEEC5948",
"versionEndExcluding": "2.70\\(aatp.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBB3AFE-A826-43DC-A18F-FFD68E08E23E",
"versionEndExcluding": "2.70\\(aahn.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7B8A54-65D5-41E6-89BF-0B4DF6D30125",
"versionEndExcluding": "2.70\\(aaho.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAE5234-410D-436F-86CD-744F3127AEAF",
"versionEndExcluding": "2.70\\(abtq.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs1210-12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB20E61-9B6E-4AD4-B365-98ED5546F7EF",
"versionEndExcluding": "1.00\\(abty.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs1210-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79ECDFC6-ABE3-43A1-BE57-4EC8C7F2896E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs1250-12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "678F3EF1-23DA-4252-A284-F639CFC5CB8A",
"versionEndExcluding": "1.00\\(abwe.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs1250-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAEB6C1-5F51-4AAC-B8D3-5F06F139639E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el cliente TFTP del firmware de la serie Zyxel GS1900 versi\u00f3n 2.60, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del SO"
}
],
"id": "CVE-2021-35031",
"lastModified": "2024-11-21T06:11:42.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-28T11:15:07.463",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…