CVE-2021-35029

Published on: 07/02/2021 12:00:00 AM UTC

Last Modified on: 07/08/2021 06:20:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Usg100 from Zyxel contain the following vulnerability:

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

  • CVE-2021-35029 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
  • Affected Vendor/Software: Zyxel - USG/Zywall series Firmware version 4.35 through 4.64
  • Affected Vendor/Software: Zyxel - USG FLEX series Firmware version 4.35 through 5.01
  • Affected Vendor/Software: Zyxel - ATP series Firmware version 4.35 through 5.01
  • Affected Vendor/Software: Zyxel - VPN series Firmware version 4.35 through 5.01

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • Description: "404 Error | Zyxel" (www.zyxel.com, text/html)
  • Tags: MISC
  • Link: www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml

Known Affected Configurations (CPE V2.3)

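| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zyxel | Usg100 | - | All | All | All |
| Hardware | Zyxel | Usg1000 | - | All | All | All |
| Operating System | Zyxel | Usg1000 Firmware | All | All | All | All |
| Operating System | Zyxel | Usg100 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg110 | - | All | All | All |
| Hardware | Zyxel | Usg1100 | - | All | All | All |
| Operating System | Zyxel | Usg1100 Firmware | All | All | All | All |
| Operating System | Zyxel | Usg110 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg1900 | - | All | All | All |
| Operating System | Zyxel | Usg1900 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg20 | - | All | All | All |
| Hardware | Zyxel | Usg20-vpn | - | All | All | All |
| Operating System | Zyxel | Usg20-vpn Firmware | All | All | All | All |
| Hardware | Zyxel | Usg200 | - | All | All | All |
| Hardware | Zyxel | Usg2000 | - | All | All | All |
| Operating System | Zyxel | Usg2000 Firmware | All | All | All | All |
| Operating System | Zyxel | Usg200 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg20w | - | All | All | All |
| Hardware | Zyxel | Usg20w-vpn | - | All | All | All |
| Operating System | Zyxel | Usg20w-vpn Firmware | All | All | All | All |
| Operating System | Zyxel | Usg20w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg20 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg210 | - | All | All | All |
| Operating System | Zyxel | Usg210 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg2200-vpn | - | All | All | All |
| Operating System | Zyxel | Usg2200-vpn Firmware | All | All | All | All |
| Hardware | Zyxel | Usg300 | - | All | All | All |
| Operating System | Zyxel | Usg300 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg310 | - | All | All | All |
| Operating System | Zyxel | Usg310 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg40 | - | All | All | All |
| Hardware | Zyxel | Usg40w | - | All | All | All |
| Operating System | Zyxel | Usg40w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg40 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg50 | - | All | All | All |
| Operating System | Zyxel | Usg50 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg60 | - | All | All | All |
| Hardware | Zyxel | Usg60w | - | All | All | All |
| Operating System | Zyxel | Usg60w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg60 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 100 | - | All | All | All |
| Hardware | Zyxel | Usg Flex 100w | - | All | All | All |
| Operating System | Zyxel | Usg Flex 100w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg Flex 100 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 200 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 200 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 500 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 500 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 700 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 700 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall 110 | - | All | All | All |
| Hardware | Zyxel | Zywall 1100 | - | All | All | All |
| Operating System | Zyxel | Zywall 1100 Firmware | All | All | All | All |
| Operating System | Zyxel | Zywall 110 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall 310 | - | All | All | All |
| Operating System | Zyxel | Zywall 310 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp100 | - | All | All | All |
| Hardware | Zyxel | Zywall Atp100w | - | All | All | All |
| Operating System | Zyxel | Zywall Atp100w Firmware | All | All | All | All |
| Operating System | Zyxel | Zywall Atp100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp200 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp200 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp500 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp500 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp700 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp700 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp800 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp800 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn100 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn300 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn300 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn50 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn50 Firmware | All | All | All | All |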

© CVE.report 2022