HIGH✓ PATCH🇬🇧 English

CVE-2021-35033

CVSS 7.8v3.1pub. 2021-11-23upd. 2024-11-21

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Zyxel Nbg6818

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Nbg6818 Firmware

    OS
    Zyxel
    < 1.00\(absc.5\)c0
  • Zyxel Nbg7815

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Nbg7815 Firmware

    OS
    Zyxel
    < 1.00\(absk.7\)c0
  • Zyxel Wsq20

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Wsq20 Firmware

    OS
    Zyxel
    < 1.00\(abof.11\)c0
  • Zyxel Wsq50

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Wsq50 Firmware

    OS
    Zyxel
    < 2.20\(abkj.7\)c0
  • Zyxel Wsq60

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Wsq60 Firmware

    OS
    Zyxel
    < 2.20\(abnd.8\)c0
  • Zyxel Wsr30

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Wsr30 Firmware

    OS
    Zyxel
    < 1.00\(abmy.12\)c0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-27992CRITICAL9.8⚠ KEVten sam vendor

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AA...

CVE-2023-33010CRITICAL9.8⚠ KEVten sam vendor

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 throu...

CVE-2023-33009CRITICAL9.8⚠ KEVten sam vendor

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 throug...

CVE-2023-28771CRITICAL9.8⚠ KEVten sam vendor

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series fir...

CVE-2022-30525CRITICAL9.8⚠ KEVten sam vendor

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 throug...