PT-2021-6620 · Zyxel · Zyxel Armor Z1/Z2

Published: 2021-11-29 · Updated: 2022-03-02 · CVE-2021-4029

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zyxel ARMOR Z1/Z2 firmware (affected versions not specified)

Description

A command injection issue in the CGI program of the firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. The cause is a lack of measures to neutralize special elements used in the operating system command.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-01901
CVE-2021-4029

Affected Products

Zyxel Armor Z1/Z2