9.8

CVE-2021-35029

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

Data is provided by the National Vulnerability Database (NVD)
ZyxelUsg1900 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg1900 Version-
ZyxelUsg1100 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg1100 Version-
ZyxelUsg310 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg310 Version-
ZyxelUsg210 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg210 Version-
ZyxelUsg110 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg110 Version-
ZyxelUsg40 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg40 Version-
ZyxelUsg40w Firmware Version >= 4.35 <= 4.64
   ZyxelUsg40w Version-
ZyxelUsg60 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg60 Version-
ZyxelUsg60w Firmware Version >= 4.35 <= 4.64
   ZyxelUsg60w Version-
ZyxelUsg300 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg300 Version-
ZyxelUsg1000 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg1000 Version-
ZyxelUsg2000 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg2000 Version-
ZyxelUsg20 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg20 Version-
ZyxelUsg20w Firmware Version >= 4.35 <= 4.64
   ZyxelUsg20w Version-
ZyxelUsg50 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg50 Version-
ZyxelUsg100 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg100 Version-
ZyxelUsg200 Firmware Version >= 4.35 <= 4.64
   ZyxelUsg200 Version-
ZyxelUsg Flex 100 Firmware Version >= 4.35 <= 5.01
   ZyxelUsg Flex 100 Version-
ZyxelUsg Flex 200 Firmware Version >= 4.35 <= 5.01
   ZyxelUsg Flex 200 Version-
ZyxelUsg Flex 500 Firmware Version >= 4.35 <= 5.01
   ZyxelUsg Flex 500 Version-
ZyxelUsg Flex 100w Firmware Version >= 4.35 <= 5.01
   ZyxelUsg Flex 100w Version-
ZyxelUsg Flex 700 Firmware Version >= 4.35 <= 5.01
   ZyxelUsg Flex 700 Version-
ZyxelZywall Atp100 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Atp100 Version-
ZyxelZywall Atp100w Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Atp100w Version-
ZyxelZywall Atp200 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Atp200 Version-
ZyxelZywall Atp500 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Atp500 Version-
ZyxelZywall Atp700 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Atp700 Version-
ZyxelZywall Atp800 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Atp800 Version-
ZyxelZywall Vpn50 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Vpn50 Version-
ZyxelZywall Vpn100 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Vpn100 Version-
ZyxelZywall Vpn300 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall Vpn300 Version-
ZyxelUsg20-vpn Firmware Version >= 4.35 <= 5.01
   ZyxelUsg20-vpn Version-
ZyxelUsg20w-vpn Firmware Version >= 4.35 <= 5.01
   ZyxelUsg20w-vpn Version-
ZyxelUsg2200-vpn Firmware Version >= 4.35 <= 5.01
   ZyxelUsg2200-vpn Version-
ZyxelZywall 110 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall 110 Version-
ZyxelZywall 310 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall 310 Version-
ZyxelZywall 1100 Firmware Version >= 4.35 <= 5.01
   ZyxelZywall 1100 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.71% 0.701
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
security@zyxel.com.tw 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.