CVE-2021-35031 MEDIUM

CVE-2021-35031

Vendor Zyxel
Product GS1900 series firmware
Weakness CWE-78
Published December 28, 2021
Last update August 4, 2024

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Key dates

02Disclosure timeline

December 28, 2021 CVE published
August 4, 2024 Record updated