Zyxel security advisory for OS command injection vulnerabilities of GS1900/XGS1210/XGS1250
CVE: CVE-2021-35031, CVE-2021-35032
Summary
Zyxel has released patches addressing OS command injection vulnerabilities in the GS1900, XGS1210, and XGS1250 series of switches. Users are advised to install the applicable firmware updates for optimal protection.
What are the vulnerabilities?
CVE-2021-35031
An OS command injection vulnerability was identified in the TFTP client of Zyxel’s GS1900, XGS1210, and XGS1250 series of switches, such that an authenticated local user could execute arbitrary OS commands via the GUI of the vulnerable device.
CVE-2021-35032
An OS command injection vulnerability was identified in the libsal.so of Zyxel’s GS1900 series switches, such that an authenticated local user could execute OS commands via internal function calls.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable switches for CVE-2021-35031 and CVE-2021-35032 with their firmware patches shown in the table below.
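| CVE | Affected model | Patch availability |
|---|---|---|
| CVE-2021-35031 | XGS1210-12 | |
| CVE-2021-35031 | XGS1250-12 | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-8 | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-8HP | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-10HP | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-16 | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-24E | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-24EP | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-24 | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-24HP | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-24HPv2 | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-48 | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-48HP | |
| CVE-2021-35031, CVE-2021-35032 | GS1900-48HPv2 | |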
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgments and commentary
Thanks to Jasper Lievisse Adriaanse for reporting the issue to us.
Revision history
2021-12-28: Initial release
2022-6-13: Update the patch availability in the table. Users are requested to contact Zyxel’s local support team for the standard firmware in the interim.
2022-9-1: Update the patch availability of the GS1900 series