CVE-2021-35027Path Traversal: 'dir/../../filename' in Zyxel Zywall Vpn2s Firmware

CWE-27Path Traversal: 'dir/../../filename'CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 36.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zyxel Zywall Vpn2s Firmware
Timeline
PublishedSep 29
Latest updateMay 24

Description

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5zyxel/zywall_vpn2s_firmware1.12(ABLN.0)C0
NVDzyxel/zywall_vpn2s_firmware1.12\(abln.0\)c0

Patches

Patch: www.zyxel.comPatch: www.zyxel.com

🔴Vulnerability Details

2
GHSA
GHSA-gf8r-6336-2wmx: A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 12022-05-24
CVEList
CVE-2021-35027: A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 12021-09-29
CVE-2021-35027 — Path Traversal: 'dir/../../filename' | cvebase