1 results (0.011 seconds)

CVSS: 8.0EPSS: 0%CPEs: 28EXPL: 0

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. Una vulnerabilidad en el cliente TFTP del firmware de la serie Zyxel GS1900 versión 2.60, podría permitir a un usuario local autenticado ejecutar comandos arbitrarios del SO • https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •