zyxel usg1900_firmware 认证机制不恰当
CVE编号
CVE-2021-35029利用情况
暂无补丁情况
N/A披露时间
2021-07-02漏洞描述
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_sec... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg1000_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg100_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg1100_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg110_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg1900_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg20-vpn_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg2000_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg200_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg20w-vpn_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg20w_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg20_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg210_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg2200-vpn_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg300_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg310_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg40w_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg40_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg50_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg60w_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg60_firmware | * | From (including) 4.35 | Up to (including) 4.64 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_100w_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_100_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_200_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_500_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_700_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_1100_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_110_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_310_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_atp100w_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_atp100_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_atp200_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_atp500_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_atp700_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_atp800_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_vpn100_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_vpn300_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | zywall_vpn50_firmware | * | From (including) 4.35 | Up to (including) 5.01 | ||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg1000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg110 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg1100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg1900 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg20-vpn | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg2000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg20w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg20w-vpn | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg210 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg2200-vpn | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg310 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg40w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg50 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg60 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg60w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_100w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_500 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_700 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_110 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_1100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_310 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_atp100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_atp100w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_atp200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_atp500 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_atp700 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_atp800 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_vpn100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_vpn300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | zywall_vpn50 | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-287 | 认证机制不恰当 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论