CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4029
https://notcve.org/view.php?id=CVE-2021-4029
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. Una vulnerabilidad de inyección de comandos en el programa CGI del firmware Zyxel ARMOR Z1/Z2 podría permitir a un atacante ejecutar comandos arbitrarios del sistema operativo por medio de una interfaz LAN • https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4030
https://notcve.org/view.php?id=CVE-2021-4030
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. Una vulnerabilidad de tipo cross-site request forgery en el demonio HTTP del firmware Zyxel ARMOR Z1/Z2 podría permitir a un atacante ejecutar comandos arbitrarios si coacciona o engaña a un usuario local para que visite un sitio web comprometido con scripts maliciosos • https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml • CWE-352: Cross-Site Request Forgery (CSRF) •