CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35034
https://notcve.org/view.php?id=CVE-2021-35034
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. Una vulnerabilidad de caducidad de sesión insuficiente en el programa CGI del firmware Zyxel NBG6604 podría permitir a un atacante remoto acceder al dispositivo si es posible interceptar el token correcto • https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35032
https://notcve.org/view.php?id=CVE-2021-35032
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Una vulnerabilidad en el archivo "libsal.so" del firmware de la serie Zyxel GS1900 versión 2.60, podría permitir a un usuario local autenticado ejecutar comandos arbitrarios del sistema operativo por medio de una llamada de función diseñada • https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 28EXPL: 0CVE-2021-35031
https://notcve.org/view.php?id=CVE-2021-35031
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. Una vulnerabilidad en el cliente TFTP del firmware de la serie Zyxel GS1900 versión 2.60, podría permitir a un usuario local autenticado ejecutar comandos arbitrarios del SO • https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2021-35033
https://notcve.org/view.php?id=CVE-2021-35033
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. Una vulnerabilidad en versiones específicas del firmware de Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60 y WSR30 con administación de contraseñas preconfigurada podría permitir a un atacante obtener acceso root del dispositivo, si el atacante local desmonta el dispositivo y usa un cable USB a UART para conectarlo, o si la funcionalidad remote assistance ha sido habilitada por un usuario autenticado • https://www.tenable.com/security/research/tra-2022-06 https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml • CWE-260: Password in Configuration File CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35028
https://notcve.org/view.php?id=CVE-2021-35028
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Una vulnerabilidad de inyección de comandos en el programa CGI de Zyxel VPN2S versión del firmware 1.12, podría permitir a un usuario local autenticado ejecutar comandos arbitrarios del sistema operativo • https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •