CVE-2021-4039 – Zyxel NWA-1100-NH - Command Injection
https://notcve.org/view.php?id=CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. Una vulnerabilidad de inyección de comandos en la interfaz web del firmware Zyxel NWA-1100-NH podría permitir a un atacante ejecutar comandos arbitrarios del Sistema Operativo en el dispositivo. Zyxel NWA-1100-NH suffers from a command injection vulnerability. • https://www.exploit-db.com/exploits/50870 http://packetstormsecurity.com/files/166752/Zyxel-NWA-1100-NH-Command-Injection.html https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-7256
https://notcve.org/view.php?id=CVE-2015-7256
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Los puntos de acceso ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, NWA1123-NI; los CPE DSL P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, VSG1435-B101; las puertas de enlace para pequeñas empresas PMG5318-B20A GPON, SBG3300-N000, SBG3300-NB00, SBG3500-N000; los switches GS1900-8 y GS1900-24 y los modelos de módem C1000Z, Q1000, FR1000Z, P8702N emplean certificados X.509 y claves host de SSH que no son únicos. • http://www.kb.cert.org/vuls/id/566724 http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml • CWE-310: Cryptographic Issues •