← back
CVE-2021-35031

CVE-2021-35031

CVSS 6.8 MEDIUMEPSS 0.5%CWE-78
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Zyxel · GS1900 series firmwareZyxel · XGS1210 series firmwareZyxel · XGS1250 series firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml