CVE-2021-35032
Severity: HIGH (CVSS 7.8)
WAF coverage: High
Published: 2021-12-28
CWE-78
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| zyxel | gs1900-8_firmware | up to 2.70(aahh.0)-20211208 |
| zyxel | gs1900-8hp_firmware | up to 2.70(aahi.0)-20211208 |
| zyxel | gs1900-10hp_firmware | up to 2.70(aazi.0)-20211208 |
| zyxel | gs1900-16_firmware | up to 2.70(aahj.0)-20211208 |
| zyxel | gs1900-24e_firmware | up to 2.70(aahk.0)-20211208 |
| zyxel | gs1900-24ep_firmware | up to 2.70(abto.0)-20211208 |
| zyxel | gs1900-24_firmware | up to 2.70(aahl.0)-20211208 |
| zyxel | gs1900-24hp_firmware | up to 2.70(aahm.0)-20211208 |
| zyxel | gs1900-24hpv2_firmware | up to 2.70(aatp.0)-20211208 |
| zyxel | gs1900-48_firmware | up to 2.70(aahn.0)-20211208 |
References
- www.zyxel.com (Patch, Vendor Advisory)