CVE-2021-35028

Name of the Vulnerable Software and Affected Versions Zyxel VPN2S firmware version 1.12

Description A command injection vulnerability in the CGI program could allow an authenticated, local user to execute arbitrary OS commands. The vulnerability is related to the failure to neutralize special elements used in the operating system command.

Recommendations For Zyxel VPN2S firmware version 1.12, consider disabling the CGI program as a temporary workaround until a patch is available. Restrict access to the CGI interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.