PT-2021-20804 · Zyxel · Zyxel WSQ60 +5
Nicholas Miles · Published 2021-11-23 · Updated 2022-10-27 · CVE-2021-35033
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Zyxel NBG6818 (affected versions not specified)
Zyxel NBG7815 (affected versions not specified)
Zyxel WSQ20 (affected versions not specified)
Zyxel WSQ50 (affected versions not specified)
Zyxel WSQ60 (affected versions not specified)
Zyxel WSR30 (affected versions not specified)
Description:
A vulnerability in specific versions of Zyxel firmware with pre-configured password management could allow an attacker to obtain root access to the device. This can occur if a local attacker dismantles the device and connects to it with a USB-to-UART cable, or if the remote assistance feature has been enabled by an authenticated user.
Recommendations:
For Zyxel NBG6818, consider disabling the remote assistance feature until a patch is available.
For Zyxel NBG7815, restrict physical access to the device to prevent dismantling and unauthorized connection.
For Zyxel WSQ20, avoid enabling the remote assistance feature until the issue is resolved.
For Zyxel WSQ50, restrict access to the device's configuration to minimize the risk of exploitation.
For Zyxel WSQ60, consider implementing additional security measures to prevent unauthorized physical access.
For Zyxel WSR30, disable the remote assistance feature and restrict physical access to the device until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Related Identifiers
Affected Products
Zyxel NBG6818
Zyxel NBG7815
Zyxel WSQ20
Zyxel WSQ50
Zyxel WSQ60
Zyxel WSR30