History: Jul 02, 2021 - 11:15 a.m.

CVE-2021-35029

2021-07-02 11:15:08
CWE-287
web.nvd.nist.gov
cve-2021-35029
authentication bypass
zyxel
usg
zywall
firmware
vulnerability
remote execution
nvd

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7 High (Confidence: High)

EPSS: 0.007 Low (Percentile: 80.3%)

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.

Affected configurations

NVD
Each node pairs a firmware version range with the hardware it runs on (AND); the hardware version match is "-" in every node.

Vendor  Firmware product             Range          Hardware product
zyxel   usg1900_firmware             4.35 - 4.64    usg1900
zyxel   usg1100_firmware             4.35 - 4.64    usg1100
zyxel   usg310_firmware              4.35 - 4.64    usg310
zyxel   usg210_firmware              4.35 - 4.64    usg210
zyxel   usg110_firmware              4.35 - 4.64    usg110
zyxel   usg40_firmware               4.35 - 4.64    usg40
zyxel   usg40w_firmware              4.35 - 4.64    usg40w
zyxel   usg60_firmware               4.35 - 4.64    usg60
zyxel   usg60w_firmware              4.35 - 4.64    usg60w
zyxel   usg300_firmware              4.35 - 4.64    usg300
zyxel   usg1000_firmware             4.35 - 4.64    usg1000
zyxel   usg2000_firmware             4.35 - 4.64    usg2000
zyxel   usg20_firmware               4.35 - 4.64    usg20
zyxel   usg20w_firmware              4.35 - 4.64    usg20w
zyxel   usg50_firmware               4.35 - 4.64    usg50
zyxel   usg100_firmware              4.35 - 4.64    usg100
zyxel   usg200_firmware              4.35 - 4.64    usg200
zyxel   usg_flex_100_firmware        4.35 - 5.01    usg_flex_100
zyxel   usg_flex_200_firmware        4.35 - 5.01    usg_flex_200
zyxel   usg_flex_500_firmware        4.35 - 5.01    usg_flex_500
zyxel   usg_flex_100w_firmware       4.35 - 5.01    usg_flex_100w
zyxel   usg_flex_700_firmware        4.35 - 5.01    usg_flex_700
zyxel   zywall_atp100_firmware       4.35 - 5.01    zywall_atp100
zyxel   zywall_atp100w_firmware      4.35 - 5.01    zywall_atp100w
zyxel   zywall_atp200_firmware       4.35 - 5.01    zywall_atp200
zyxel   zywall_atp500_firmware       4.35 - 5.01    zywall_atp500
zyxel   zywall_atp700_firmware       4.35 - 5.01    zywall_atp700
zyxel   zywall_atp800_firmware       4.35 - 5.01    zywall_atp800
zyxel   zywall_vpn50_firmware        4.35 - 5.01    zywall_vpn50
zyxel   zywall_vpn100_firmware       4.35 - 5.01    zywall_vpn100
zyxel   zywall_vpn300_firmware       4.35 - 5.01    zywall_vpn300
zyxel   usg20-vpn_firmware           4.35 - 5.01    usg20-vpn
zyxel   usg20w-vpn_firmware          4.35 - 5.01    usg20w-vpn
zyxel   usg2200-vpn_firmware         4.35 - 5.01    usg2200-vpn
zyxel   zywall_110_firmware          4.35 - 5.01    zywall_110
zyxel   zywall_310_firmware          4.35 - 5.01    zywall_310
zyxel   zywall_1100_firmware         4.35 - 5.01    zywall_1100

CNA Affected

[
  {
    "product": "USG/Zywall series Firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 4.64"
      }
    ]
  },
  {
    "product": "USG FLEX series Firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 5.01"
      }
    ]
  },
  {
    "product": "ATP series Firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 5.01"
      }
    ]
  },
  {
    "product": "VPN series Firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 5.01"
      }
    ]
  }
]
