VAR-202112-2079
Vulnerability from variot - Updated: 2024-08-14 14:18A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan.
An access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product's TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aazi.0\\)-20211208"
},
{
"model": "xgs1250-12",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "1.00\\(abwe.1\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahh.0\\)-20211208"
},
{
"model": "gs1900-48hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abtq.0\\)-20211208"
},
{
"model": "xgs1210-12",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "1.00\\(abty.5\\)c0"
},
{
"model": "gs1900-24hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aatp.0\\)-20211208"
},
{
"model": "gs1900-24ep",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abto.0\\)-20211208"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahk.0\\)-20211208"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahl.0\\)-20211208"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aaho.0\\)-20211208"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahm.0\\)-20211208"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahi.0\\)-20211208"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahj.0\\)-20211208"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahn.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24ep",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-48",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-16",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "xgs1250",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "xgs1210",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"cve": "CVE-2021-35031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CVE-2021-35031",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.1,
"id": "CNVD-2022-01689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2021-35031",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "security@zyxel.com.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-35031",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35031",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35031",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@zyxel.com.tw",
"id": "CVE-2021-35031",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-35031",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-01689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2730",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-35031",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan. \n\r\n\r\nAn access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product\u0027s TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35031",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-01689",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010304",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35031",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"id": "VAR-202112-2079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
}
]
},
"last_update_date": "2024-08-14T14:18:11.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel\u00a0security\u00a0advisory\u00a0for\u00a0OS\u00a0command\u00a0injection\u00a0vulnerabilities\u00a0of\u00a0GS1900,\u00a0XGS1210,\u00a0and\u00a0XGS1250\u00a0series\u00a0switches",
"trust": 0.8,
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerabilities-of-gs1900-xgs1210-and-xgs1250-series-switches"
},
{
"title": "Patch for ZyXEL GS1900 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/312051"
},
{
"title": "ZyXEL GS1900 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176845"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35031"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/zyxel_security_advisory_for_os_command_injection_vulnerabilities_of_switches.shtml"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010304"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"date": "2021-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"date": "2021-12-28T11:15:07.463000",
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"date": "2022-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"date": "2023-01-17T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"date": "2022-01-07T16:59:51.267000",
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Zyxel\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…