Zyxel security advisory for missing authorization vulnerability in GS1200v3 series switches
Zyxel Employee
CVE:CVE-2026-4795
Summary
Zyxel has released patches for GS1200v3 series switches affected by a missing authorization vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
A missing authorization vulnerability in the Zyxel GS1200v3 series switch firmware could allow a LAN-based unauthenticated attacker to read the system configuration from a log file via a crafted HTTP request.
What versions are vulnerable—and what should you do?
After a thorough investigation, we identified the vulnerable switch firmware versions and released patches for models still within their vulnerability support period, as shown in the table below. Please note that on-market products not listed in the table remain unaffected.
Affected model | Affected version | Patch availability |
|---|---|---|
GS1200-5v3 | 1.00(ACPS.2)C0 and earlier | 1.00(ACPS.3)C0 |
GS1200-8v3 | 1.00(ACPT.2)C0 and earlier | 1.00(ACPT.3)C0 |
GS1200-5HPv3 | 1.00(ACPU.2)C0 and earlier | 1.00(ACPU.3)C0 |
GS1200-8HPv3 | 1.00(ACPV.2)C0 and earlier | 1.00(ACPV.3)C0 |
GS1200-10v3 | 1.00(ACPW.2)C0 and earlier | 1.00(ACPW.3)C0 |
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to Pierre Hauweele for reporting the issue to us.
Revision history
2026-5-26: Initial release
Categories
- All Categories
- 442 Beta Program
- 3K Nebula
- 229 Nebula Ideas
- 130 Nebula Status and Incidents
- 6.6K Security
- 661 USG FLEX H Series
- 359 Security Ideas
- 1.8K Switch
- 86 Switch Ideas
- 1.4K Wireless
- 56 Wireless Ideas
- 7.1K Consumer Product
- 305 Service & License
- 496 News and Release
- 95 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 5K FAQ
- 34 Documents
- 89 About Community
- 110 Security Highlight