CVE-2021-35028

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:zywall_vpn2s_firmware:1.12\(abln.0\)c0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*

History

02 Oct 2021, 15:18

Type	Values Removed	Values Added
References	~~(MISC) https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml -~~	(MISC) https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml - Patch, Vendor Advisory
CPE		cpe:2.3:o:zyxel:zywall_vpn2s_firmware:1.12\(abln.0\)c0:::::::* cpe:2.3:h:zyxel:zywall_vpn2s:-:::::::*
CWE		CWE-78
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8

29 Sep 2021, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-29 11:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-35028

Mitre link : CVE-2021-35028

CVE.ORG link : CVE-2021-35028

JSON object : View

Products Affected

zyxel

zywall_vpn2s_firmware
zywall_vpn2s

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2021-35028", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.7}]}, "published": "2021-09-29T11:15:07.547", "references": [{"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el programa CGI de Zyxel VPN2S versi\u00f3n del firmware 1.12, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del sistema operativo"}], "lastModified": "2021-10-02T15:18:25.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:1.12\\(abln.0\\)c0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93F6084-B93D-4D50-85C6-1D8C375D8E34"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D3F001A-8790-463F-804B-CA5CAC610867"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}