CVE-2021-35029

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 58.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
41
Zyxel Usg1000 FirmwareZyxel Usg100 FirmwareZyxel Usg1100 Firmware+38 more
Timeline
PublishedJul 2
Latest updateMay 24

Description

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages41 packages

CVEListV5zyxel/usg_flex_series_firmware4.35 through 5.01
CVEListV5zyxel/usg/zywall_series_firmware4.35 through 4.64
CVEListV5zyxel/atp_series_firmware4.35 through 5.01
CVEListV5zyxel/vpn_series_firmware4.35 through 5.01
NVDzyxel/zywall_110_firmware4.355.01

🔴Vulnerability Details

2
GHSA
GHSA-2h44-x2fr-537p: An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 42022-05-24
CVEList
CVE-2021-35029: An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 42021-07-02
CVE-2021-35029 (CRITICAL CVSS 9.8) | An authentication bypasss vulnerabi | cvebase.io