Sign-up

ID

VAR-202112-2079


CVE

CVE-2021-35031


TITLE

plural  Zyxel  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017333

DESCRIPTION

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan. An access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product's TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in

Trust: 2.25

sources: NVD: CVE-2021-35031 // JVNDB: JVNDB-2021-017333 // CNVD: CNVD-2022-01689 // VULMON: CVE-2021-35031

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-01689

AFFECTED PRODUCTS

vendor:zyxelmodel:gs1900-10hpscope:ltversion:2.70\(aazi.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:xgs1250-12scope:ltversion:1.00\(abwe.1\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-8scope:ltversion:2.70\(aahh.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-48hpv2scope:ltversion:2.70\(abtq.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:xgs1210-12scope:ltversion:1.00\(abty.5\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-24hpv2scope:ltversion:2.70\(aatp.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-24epscope:ltversion:2.70\(abto.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-24escope:ltversion:2.70\(aahk.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-24scope:ltversion:2.70\(aahl.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-48hpscope:ltversion:2.70\(aaho.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-24hpscope:ltversion:2.70\(aahm.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-8hpscope:ltversion:2.70\(aahi.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-16scope:ltversion:2.70\(aahj.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-48scope:ltversion:2.70\(aahn.0\)-20211208

Trust: 1.0

vendor:zyxelmodel:gs1900-24hpv2scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-24epscope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-48scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-16scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-10hpscope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-24scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-8scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-24hpscope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-8hpscope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-24escope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900scope: - version: -

Trust: 0.6

vendor:zyxelmodel:xgs1250scope: - version: -

Trust: 0.6

vendor:zyxelmodel:xgs1210scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-01689 // JVNDB: JVNDB-2021-017333 // NVD: CVE-2021-35031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-35031
value: HIGH

Trust: 1.0

security@zyxel.com.tw: CVE-2021-35031
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-35031
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-01689
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-2730
value: HIGH

Trust: 0.6

VULMON: CVE-2021-35031
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-35031
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-01689
severity: HIGH
baseScore: 7.2
vectorString: AV:A/AC:L/AU:M/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-35031
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

security@zyxel.com.tw: CVE-2021-35031
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-35031
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-01689 // VULMON: CVE-2021-35031 // JVNDB: JVNDB-2021-017333 // CNNVD: CNNVD-202112-2730 // NVD: CVE-2021-35031 // NVD: CVE-2021-35031

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017333 // NVD: CVE-2021-35031

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2730

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2730

PATCH

title:Zyxel security advisory for OS command injection vulnerabilities of GS1900, XGS1210, and XGS1250 series switchesurl:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerabilities-of-gs1900-xgs1210-and-xgs1250-series-switches

Trust: 0.8

title:Patch for ZyXEL GS1900 Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/312051

Trust: 0.6

title:ZyXEL GS1900 Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176845

Trust: 0.6

sources: CNVD: CNVD-2022-01689 // JVNDB: JVNDB-2021-017333 // CNNVD: CNNVD-202112-2730

EXTERNAL IDS

db:NVDid:CVE-2021-35031

Trust: 3.9

db:JVNDBid:JVNDB-2021-017333

Trust: 0.8

db:CNVDid:CNVD-2022-01689

Trust: 0.6

db:CS-HELPid:SB2022010304

Trust: 0.6

db:CNNVDid:CNNVD-202112-2730

Trust: 0.6

db:VULMONid:CVE-2021-35031

Trust: 0.1

sources: CNVD: CNVD-2022-01689 // VULMON: CVE-2021-35031 // JVNDB: JVNDB-2021-017333 // CNNVD: CNNVD-202112-2730 // NVD: CVE-2021-35031

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-35031

Trust: 2.0

url:https://www.zyxel.com/support/zyxel_security_advisory_for_os_command_injection_vulnerabilities_of_switches.shtml

Trust: 1.7

url:https://www.cybersecurity-help.cz/vdb/sb2022010304

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-01689 // VULMON: CVE-2021-35031 // JVNDB: JVNDB-2021-017333 // CNNVD: CNNVD-202112-2730 // NVD: CVE-2021-35031

SOURCES

db:CNVDid:CNVD-2022-01689
db:VULMONid:CVE-2021-35031
db:JVNDBid:JVNDB-2021-017333
db:CNNVDid:CNNVD-202112-2730
db:NVDid:CVE-2021-35031

LAST UPDATE DATE

2024-08-14T14:18:11.892000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-01689date:2022-01-07T00:00:00
db:VULMONid:CVE-2021-35031date:2022-01-07T00:00:00
db:JVNDBid:JVNDB-2021-017333date:2023-01-17T01:51:00
db:CNNVDid:CNNVD-202112-2730date:2022-01-10T00:00:00
db:NVDid:CVE-2021-35031date:2022-01-07T16:59:51.267

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-01689date:2021-12-31T00:00:00
db:VULMONid:CVE-2021-35031date:2021-12-28T00:00:00
db:JVNDBid:JVNDB-2021-017333date:2023-01-17T00:00:00
db:CNNVDid:CNNVD-202112-2730date:2021-12-28T00:00:00
db:NVDid:CVE-2021-35031date:2021-12-28T11:15:07.463