Zyxel security advisory for OS command injection vulnerabilities of GS1900/XGS1210/XGS1250

Posts: 89  Ally Member
First Comment Friend Collector Fourth Anniversary
edited September 2022 in Security Advisories

CVE:   CVE-2021-35031CVE-2021-35032

Summary

Zyxel has released patches addressing OS command injection vulnerabilities in the GS1900, XGS1210, and XGS1250 series of switches. Users are advised to install the applicable firmware updates for optimal protection.

What is the vulnerabilities?

CVE-2021-35031

An OS command injection vulnerability was identified in the TFTP client of Zyxel’s GS1900, XGS1210, and XGS1250 series of switches, such that an authenticated local user could execute arbitrary OS commands via the GUI of the vulnerable device.

CVE-2021-35032

An OS command injection vulnerability was identified in the libsal.so of Zyxel’s GS1900 series switches, such that an authenticated local user could execute OS commands via internal function calls.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable switches for CVE-2021-35031 and CVE-2021-35032 with their firmware patches shown in the table below. 

CVE

Affected model

Patch availability

CVE-2021-35031

XGS1210-12

V1.00(ABTY.5)C0

XGS1250-12

V1.00(ABWE.1)C0

CVE-2021-35031

CVE-2021-35032

GS1900-8

V2.70(AAHH.3)C0

GS1900-8HP

V2.70(AAHI.3)C0

GS1900-10HP

V2.70(AAZI.3)C0

GS1900-16

V2.70(AAHJ.3)C0

GS1900-24E

V2.70(AAHK.3)C0

GS1900-24EP

V2.70(ABTO.3)C0

GS1900-24

V2.70(AAHL.3)C0

GS1900-24HP

V2.70(AAHM.3)C0

GS1900-24HPv2 

V2.70(ABTP.3)C0

GS1900-48 

V2.70(AAHN.3)C0

GS1900-48HP

V2.70(AAHO.3)C0

GS1900-48HPv2

V2.70(ABTQ.3)C0

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance. 

Acknowledgments and commentary

Thanks to Jasper Lievisse Adriaanse for reporting the issue to us.

Revision history

2021-12-28: Initial release

2022-6-13: Update the patch availability in the table. Users are requested to contact Zyxel’s local support team for the standard firmware in the interim.

2022-9-1: Update the patch availability of the GS1900 series

Comments

  • Posts: 51  Ally Member
    First Comment Friend Collector Sixth Anniversary

    Since I just wasted a day on this update, I thought I'd flag this here. It is from the GS1900-24HP_ReleaseNote_V270(AAHM.3)C0.pdf and it reads as follows :
    Known Issue

    1. After upgrading to firmware V2.70 or later versions from V2.60 or prior
      versions, Switch will operate properly on the new firmware even though
      the firmware version indicate “Unknown”. The recovery step is to reboot
      the Switch and it will display the correct firmware version.
    v270aahm3_unknown.png

    Note that this "reboot" to correct the firmware version reporting as "unknown" occurs even after rebooting with a prior firmware version and does not correct until applying the "unknown" v2.70 version from the backup image and then rebooting.

    v270aahm3_unknownResolved.png


    Then double check the SNMPv3 settings.

Welcome!

It looks like you're new here. If you want to get involved, click on this button!
Sign In
Register

Welcome!

It looks like you're new here. If you want to get involved, click on this button!
Sign In
Register

Quick Links

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)