CVE-2021-35029

Published on: 07/02/2021 12:00:00 AM UTC

Last Modified on: 07/08/2021 06:20:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Usg100 from Zyxel contain the following vulnerability:

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

  • CVE-2021-35029 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
  • Affected Vendor/Software: Zyxel - USG/Zywall series Firmware version 4.35 through 4.64
  • Affected Vendor/Software: Zyxel - USG FLEX series Firmware version 4.35 through 5.01
  • Affected Vendor/Software: Zyxel - ATP series Firmware version 4.35 through 5.01
  • Affected Vendor/Software: Zyxel - VPN series Firmware version 4.35 through 5.01

CVSS3 Score: 9.8 - CRITICAL

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS2 Score: 7.5 - HIGH

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

CVE References

  • MISC: www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml (Description: "404 Error | Zyxel", www.zyxel.com, text/html)

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zyxel | Usg100 | - | All | All | All |
| Hardware | Zyxel | Usg1000 | - | All | All | All |
| Operating System | Zyxel | Usg1000 Firmware | All | All | All | All |
| Operating System | Zyxel | Usg100 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg110 | - | All | All | All |
| Hardware | Zyxel | Usg1100 | - | All | All | All |
| Operating System | Zyxel | Usg1100 Firmware | All | All | All | All |
| Operating System | Zyxel | Usg110 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg1900 | - | All | All | All |
| Operating System | Zyxel | Usg1900 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg20 | - | All | All | All |
| Hardware | Zyxel | Usg20-vpn | - | All | All | All |
| Operating System | Zyxel | Usg20-vpn Firmware | All | All | All | All |
| Hardware | Zyxel | Usg200 | - | All | All | All |
| Hardware | Zyxel | Usg2000 | - | All | All | All |
| Operating System | Zyxel | Usg2000 Firmware | All | All | All | All |
| Operating System | Zyxel | Usg200 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg20w | - | All | All | All |
| Hardware | Zyxel | Usg20w-vpn | - | All | All | All |
| Operating System | Zyxel | Usg20w-vpn Firmware | All | All | All | All |
| Operating System | Zyxel | Usg20w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg20 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg210 | - | All | All | All |
| Operating System | Zyxel | Usg210 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg2200-vpn | - | All | All | All |
| Operating System | Zyxel | Usg2200-vpn Firmware | All | All | All | All |
| Hardware | Zyxel | Usg300 | - | All | All | All |
| Operating System | Zyxel | Usg300 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg310 | - | All | All | All |
| Operating System | Zyxel | Usg310 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg40 | - | All | All | All |
| Hardware | Zyxel | Usg40w | - | All | All | All |
| Operating System | Zyxel | Usg40w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg40 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg50 | - | All | All | All |
| Operating System | Zyxel | Usg50 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg60 | - | All | All | All |
| Hardware | Zyxel | Usg60w | - | All | All | All |
| Operating System | Zyxel | Usg60w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg60 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 100 | - | All | All | All |
| Hardware | Zyxel | Usg Flex 100w | - | All | All | All |
| Operating System | Zyxel | Usg Flex 100w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg Flex 100 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 200 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 200 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 500 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 500 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 700 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 700 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall 110 | - | All | All | All |
| Hardware | Zyxel | Zywall 1100 | - | All | All | All |
| Operating System | Zyxel | Zywall 1100 Firmware | All | All | All | All |
| Operating System | Zyxel | Zywall 110 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall 310 | - | All | All | All |
| Operating System | Zyxel | Zywall 310 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp100 | - | All | All | All |
| Hardware | Zyxel | Zywall Atp100w | - | All | All | All |
| Operating System | Zyxel | Zywall Atp100w Firmware | All | All | All | All |
| Operating System | Zyxel | Zywall Atp100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp200 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp200 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp500 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp500 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp700 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp700 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp800 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp800 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn100 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn300 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn300 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn50 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn50 Firmware | All | All | All | All |

  • cpe:2.3:h:zyxel:usg100:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg1000:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg1000_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg100_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg2000:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg2000_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg20w:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg20w_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg2200-vpn_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg50:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg50_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*:
