CVE-2021-35029
published 2021-07-02CVE-2021-35029: An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | atp_series_firmware | — | — |
| zyxel | usg1000_firmware | 4.35 – 4.64 | — |
| zyxel | usg100_firmware | 4.35 – 4.64 | — |
| zyxel | usg1100_firmware | 4.35 – 4.64 | — |
| zyxel | usg110_firmware | 4.35 – 4.64 | — |
| zyxel | usg1900_firmware | 4.35 – 4.64 | — |
| zyxel | usg20-vpn_firmware | 4.35 – 5.01 | — |
| zyxel | usg2000_firmware | 4.35 – 4.64 | — |
| zyxel | usg200_firmware | 4.35 – 4.64 | — |
| zyxel | usg20_firmware | 4.35 – 4.64 | — |
| zyxel | usg20w-vpn_firmware | 4.35 – 5.01 | — |
| zyxel | usg20w_firmware | 4.35 – 4.64 | — |
| zyxel | usg210_firmware | 4.35 – 4.64 | — |
| zyxel | usg2200-vpn_firmware | 4.35 – 5.01 | — |
| zyxel | usg300_firmware | 4.35 – 4.64 | — |
| zyxel | usg310_firmware | 4.35 – 4.64 | — |
| zyxel | usg40_firmware | 4.35 – 4.64 | — |
| zyxel | usg40w_firmware | 4.35 – 4.64 | — |
| zyxel | usg50_firmware | 4.35 – 4.64 | — |
| zyxel | usg60_firmware | 4.35 – 4.64 | — |
| zyxel | usg60w_firmware | 4.35 – 4.64 | — |
| zyxel | usg_flex_100_firmware | 4.35 – 5.01 | — |
| zyxel | usg_flex_100w_firmware | 4.35 – 5.01 | — |
| zyxel | usg_flex_200_firmware | 4.35 – 5.01 | — |
| zyxel | usg_flex_500_firmware | 4.35 – 5.01 | — |