Is CVE-2021-35031 actively exploited?

CVE-2021-35031 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-35031?

CVE-2021-35031 has a CVSS score of 6.8 (MEDIUM severity). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2021-35031?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-35031.

CVE-2021-35031 - remediation guidance & executive summary

Q: Which products are affected by CVE-2021-35031?

14 products: zyxel gs1900-8 firmware, zyxel gs1900-8hp firmware, zyxel gs1900-10hp firmware, zyxel gs1900-16 firmware, zyxel gs1900-24e firmware, and 9 more.

Description

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: high
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection CWE-78 · OS Command Injection

Metadata

Primary Vendor: ZYXEL
Published: 12/28/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zyxel : gs1900-8_firmwarezyxel : gs1900-8hp_firmwarezyxel : gs1900-10hp_firmwarezyxel : gs1900-16_firmwarezyxel : gs1900-24e_firmwarezyxel : gs1900-24ep_firmwarezyxel : gs1900-24_firmwarezyxel : gs1900-24hp_firmwarezyxel : gs1900-24hpv2_firmwarezyxel : gs1900-48_firmwarezyxel : gs1900-48hp_firmwarezyxel : gs1900-48hpv2_firmwarezyxel : xgs1210-12_firmwarezyxel : xgs1250-12_firmware

Remediation Guidance

Executive Summary

View on NIST NVD