PT-2021-5182 · Zyxel · Zyxel Vpn2S
Published: 2021-09-29 · Updated: 2021-11-09 · CVE-2021-35027
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zyxel VPN2S firmware version 1.12
Description
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware could allow a remote attacker to gain access to sensitive information. The issue is caused by improper restriction of a pathname to a directory with limited access. Exploitation may allow a remote attacker to obtain confidential information.
Recommendations
For Zyxel VPN2S firmware version 1.12, consider restricting access to the web server until a patch is available. As a temporary workaround, limit the exposure of sensitive information by implementing additional security measures, such as configuring the firewall to restrict incoming connections to the web server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Related Identifiers
Affected Products
Zyxel Vpn2S