CVE-2021-35029

Summary

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

Affected Software

VendorProductVersion RangeStatus
ZyxelUSG/Zywall series Firmware4.35 through 4.64affected
ZyxelUSG FLEX series Firmware4.35 through 5.01affected
ZyxelATP series Firmware4.35 through 5.01affected
ZyxelVPN series Firmware4.35 through 5.01affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References