VDB

CVE-2021-35029

CVE-2021-35029 PUBLISHED CVSS 9.800000190734863 CRITICAL

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

EPSS 0.20% · 41.4th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.20%
41.4th percentile

Affected Products

VendorProductVersions
zyxelusg_flex_100w_firmware4.35
zyxelusg20w-vpn_firmware4.35
zyxelusg40_firmware4.35
ZyxelUSG FLEX series Firmware4.35 through 5.01
zyxelusg20_firmware4.35
zyxelusg20w_firmware4.35
zyxelzywall_310_firmware4.35
zyxelusg_flex_200_firmware4.35
zyxelusg60_firmware4.35
zyxelusg110_firmware4.35
zyxelusg_flex_700_firmware4.35
zyxelzywall_atp700_firmware4.35
zyxelusg20-vpn_firmware4.35
zyxelzywall_vpn100_firmware4.35
zyxelzywall_atp100_firmware4.35
zyxelusg1900_firmware4.35
zyxelzywall_atp100w_firmware4.35
zyxelzywall_atp200_firmware4.35
ZyxelATP series Firmware*
zyxelzywall_vpn50_firmware4.35

…and 21 more

Timeline

  • Jun 28, 2021 PoC Published
  • Jul 2, 2021 CVE Published
  • Jul 3, 2021 EPSS Score
  • Sep 1, 2021 EPSS Score
  • Oct 31, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jun 28, 2022 EPSS Score
  • Aug 28, 2022 EPSS Score
  • Oct 27, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›