CVE-2021-35028

Summary

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

Affected Software

VendorProductVersion RangeStatus
ZyxelZyWALL VPN2S Firmware1.12(ABLN.0)C0affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References