CVE-2021-35031

Summary

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Affected Software

VendorProductVersion RangeStatus
ZyxelGS1900 series firmware2.60affected
ZyxelXGS1210 series firmware1.00(ABTY.4)C0affected
ZyxelXGS1250 series firmware1.00(ABWE.0)C0affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References