Zyxel security advisory for directory traversal and command injection vulnerabilities of VPN2S

Zyxel_Carter, Zyxel Employee
edited October 2021 in Security Advisories

CVE: CVE-2021-35027, CVE-2021-35028

Summary

Zyxel has released a patch addressing directory traversal and command injection vulnerabilities in the VPN2S firewall. Users are advised to install it for optimal protection.

What is the vulnerability?

A directory traversal vulnerability caused by specific character sequences in an improperly sanitized URL was identified in the VPN2S firewall. A command injection vulnerability caused by improper filtering of the parameters passed to a CGI program was also identified.
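The two weakness classes named above, shown as an added illustrative example that is not Zyxel's VPN2S code: a blocklist-style check of the kind that lets encoded traversal sequences and unfiltered CGI parameters through, next to a decode-normalise-and-allow-list approach. The web root, interface-name pattern and the `ip` command are assumptions for the illustration.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/www"                          # assumed document root
INTERFACE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")   # assumed allow-list


def naive_path_ok(url_path: str) -> bool:
    """Blocklist on the raw URL: a percent-encoded '..' is never seen."""
    return ".." not in url_path


def safe_resolve(url_path: str) -> Optional[str]:
    """Decode until stable, normalise, then require the result to stay under WEB_ROOT."""
    decoded = url_path
    for _ in range(3):                     # bounded loop: handles double-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:                  # NUL would truncate a C path string
        return None
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        return None                        # escaped the document root
    return full


def naive_cgi_ok(param: str) -> bool:
    """Blocklist of a few shell metacharacters; incomplete by construction."""
    return ";" not in param and "|" not in param


def safe_cgi_arg(param: str) -> Optional[List[str]]:
    """Allow-list the value and hand it over as an argv element, never via a shell."""
    if not INTERFACE_RE.fullmatch(param):
        return None
    return ["ip", "link", "show", param]   # argv list: no shell parsing takes place


if __name__ == "__main__":
    # constructed sample inputs
    for p in ("/cgi-bin/index.cgi", "/%2e%2e/config.dat", "/%252e%252e/config.dat"):
        print(p, naive_path_ok(p), safe_resolve(p))
    for v in ("eth0", "eth0$(x)"):
        print(v, naive_cgi_ok(v), safe_cgi_arg(v))
```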

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified one vulnerable product that is within its warranty and support period and released a hotfix to address the issue, as shown in the table below.

Affected model     Hotfix availability
ZyWALL VPN2S       V1.20(ABLN.2)_00210624C1

Got a question or a tipoff?

Please contact your local service rep or comment below for further information or assistance.

Acknowledgment

Thanks to Qihoo 360 for reporting the issues to us.

Revision history

2021-09-30: Initial release