PT-2021-6107 · Zyxel · Zyxel GS1900 Series +2

Published: 2021-12-28 · Updated: 2022-01-07 · CVE-2021-35031

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zyxel GS1900 series firmware (affected versions not specified)
Zyxel XGS1210 series firmware (affected versions not specified)
Zyxel XGS1250 series firmware (affected versions not specified)

Description

A vulnerability in the TFTP client of the affected Zyxel firmware could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. The issue is related to the failure to neutralize special elements, which could enable a remote attacker to perform arbitrary commands through the graphical interface.

Recommendations

For Zyxel GS1900 series firmware, update to a version that addresses the TFTP client vulnerability.
For Zyxel XGS1210 series firmware, update to a version that addresses the TFTP client vulnerability.
For Zyxel XGS1250 series firmware, update to a version that addresses the TFTP client vulnerability.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-00845
CVE-2021-35031

Affected Products

Zyxel GS1900 Series
Zyxel XGS1210 Series
Zyxel XGS1250 Series