VDB
CVE-2021-35029
CVE-2021-35029
PUBLISHED
CVSS 9.800000190734863 CRITICAL
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
EPSS 0.20% · 41.4th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.20%
41.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| zyxel | usg_flex_100w_firmware | 4.35 |
| zyxel | usg20w-vpn_firmware | 4.35 |
| zyxel | usg40_firmware | 4.35 |
| Zyxel | USG FLEX series Firmware | 4.35 through 5.01 |
| zyxel | usg20_firmware | 4.35 |
| zyxel | usg20w_firmware | 4.35 |
| zyxel | zywall_310_firmware | 4.35 |
| zyxel | usg_flex_200_firmware | 4.35 |
| zyxel | usg60_firmware | 4.35 |
| zyxel | usg110_firmware | 4.35 |
| zyxel | usg_flex_700_firmware | 4.35 |
| zyxel | zywall_atp700_firmware | 4.35 |
| zyxel | usg20-vpn_firmware | 4.35 |
| zyxel | zywall_vpn100_firmware | 4.35 |
| zyxel | zywall_atp100_firmware | 4.35 |
| zyxel | usg1900_firmware | 4.35 |
| zyxel | zywall_atp100w_firmware | 4.35 |
| zyxel | zywall_atp200_firmware | 4.35 |
| Zyxel | ATP series Firmware | * |
| zyxel | zywall_vpn50_firmware | 4.35 |
…and 21 more
Timeline
- Jun 28, 2021 PoC Published
- Jul 2, 2021 CVE Published
- Jul 3, 2021 EPSS Score
- Sep 1, 2021 EPSS Score
- Oct 31, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 28, 2022 EPSS Score
- Aug 28, 2022 EPSS Score
- Oct 27, 2022 EPSS Score