CVE-2021-35032: Zyxel security advisory for OS command injection vulnerabilities of GS1900, XGS1210, and XGS1250 series switches

A vulnerability in the ‘libsal.so’ of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.


CVE: CVE-2021-35031, CVE-2021-35032

Summary

Zyxel has released patches addressing OS command injection vulnerabilities in the GS1900, XGS1210, and XGS1250 series of switches. Users are advised to install the applicable firmware updates for optimal protection.

What are the vulnerabilities?

CVE-2021-35031

An OS command injection vulnerability was identified in the TFTP client of Zyxel’s GS1900, XGS1210, and XGS1250 series of switches, such that an authenticated local user could execute arbitrary OS commands via the GUI of the vulnerable device.

CVE-2021-35032

An OS command injection vulnerability was identified in the libsal.so of Zyxel’s GS1900 series switches, such that an authenticated local user could execute OS commands via internal function calls.
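Both CVEs belong to the same flaw class: a value that a user controls (here a field in the switch GUI, or a parameter of an internal library call) is folded into a command line that a shell interprets. The following is an added illustration of that pattern beside its hardened form; it is not Zyxel's firmware code, the TFTP fields and the `tftp -g -r` invocation are assumptions chosen for the example, and the inputs are constructed.

```python
import re
import subprocess

# Allowlists for the two GUI fields (constructed for this example): a TFTP
# server given as an IPv4 literal or a DNS hostname, and a plain file name
# with no path separators or shell metacharacters.
_HOST_RE = re.compile(
    r"(?:\d{1,3}(?:\.\d{1,3}){3}"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]{0,62}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,62}[A-Za-z0-9])?)*)"
)
_FILE_RE = re.compile(r"[A-Za-z0-9._-]{1,128}")


def build_command_vulnerable(host: str, filename: str) -> str:
    """The flawed pattern: fields are concatenated into one string that is
    later handed to a shell (system()/popen() in C, shell=True in Python).
    Whatever follows a ';', '|', '`' or '$(' becomes a second command, so an
    authenticated GUI user decides what the device executes."""
    return f"tftp -g -r {filename} {host}"


def validate_tftp_fields(host: str, filename: str) -> None:
    """Reject anything outside the allowlist before it reaches a process."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError("invalid TFTP server address")
    if not _FILE_RE.fullmatch(filename) or filename in (".", ".."):
        raise ValueError("invalid remote file name")


def build_command_hardened(host: str, filename: str) -> list:
    """The fixed pattern: validate, then return an argument vector. Each
    element reaches tftp as its own argv entry; no shell ever parses the
    user's input, so metacharacters cannot change the command."""
    validate_tftp_fields(host, filename)
    return ["tftp", "-g", "-r", filename, host]


def run_tftp_get(host: str, filename: str) -> subprocess.CompletedProcess:
    """The only place a process is spawned. A list argument keeps shell=False,
    the Python equivalent of execvp() with a fixed argv on the embedded side."""
    return subprocess.run(build_command_hardened(host, filename),
                          capture_output=True, check=False)


if __name__ == "__main__":
    # Constructed inputs: a legitimate server and one carrying a shell metacharacter.
    for host in ("10.0.0.1", "10.0.0.1; id"):
        print("vulnerable builder:", build_command_vulnerable(host, "firmware.bin"))
        try:
            print("hardened builder:  ", build_command_hardened(host, "firmware.bin"))
        except ValueError as exc:
            print("hardened builder:   rejected,", exc)
```

The two defences are independent: the allowlist stops malformed values at the boundary, and the argument vector means that even a value which slips through is never interpreted by a shell. In a C firmware component the same change is replacing `system()`/`popen()` with `fork()`+`execve()` on a fixed argv.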

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable switches for CVE-2021-35031 and CVE-2021-35032 that are within their warranty and support period, with their firmware patches shown in the table below.

CVE                              Affected model   Patch availability
CVE-2021-35031, CVE-2021-35032   GS1900-8         V2.70(AAHH.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-8HP       V2.70(AAHI.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-10HP      V2.70(AAZI.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-16        V2.70(AAHJ.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-24E       V2.70(AAHK.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-24EP      V2.70(ABTO.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-24        V2.70(AAHL.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-24HP      V2.70(AAHM.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-24HPv2    V2.70(ABTP.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-48        V2.70(AAHN.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-48HP      V2.70(AAHO.0)C0 in Nov. 2021
CVE-2021-35031, CVE-2021-35032   GS1900-48HPv2    V2.70(ABTQ.0)C0 in Nov. 2021
CVE-2021-35031                   XGS1210-12       V1.00(ABTY.5)C0 in Dec. 2021
CVE-2021-35031                   XGS1250-12       V1.00(ABWE.1)C0 in Dec. 2021
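A practical follow-up to the table is comparing each deployed switch's running firmware against the patched version for its model. The script below is an added example, not a Zyxel tool: the patch table is transcribed from the advisory, the version-string grammar V<major>.<minor>(<model code>.<patch>)C<revision> is inferred from the strings in that table, and the inventory entries (device names, the UNKNOWN-MODEL row and its version) are constructed sample data.

```python
import re
from typing import NamedTuple

BOTH = ("CVE-2021-35031", "CVE-2021-35032")
ONLY_35031 = ("CVE-2021-35031",)

# Patched firmware per model, transcribed from the advisory table.
PATCHED = {
    "GS1900-8":      ("V2.70(AAHH.0)C0", BOTH),
    "GS1900-8HP":    ("V2.70(AAHI.0)C0", BOTH),
    "GS1900-10HP":   ("V2.70(AAZI.0)C0", BOTH),
    "GS1900-16":     ("V2.70(AAHJ.0)C0", BOTH),
    "GS1900-24E":    ("V2.70(AAHK.0)C0", BOTH),
    "GS1900-24EP":   ("V2.70(ABTO.0)C0", BOTH),
    "GS1900-24":     ("V2.70(AAHL.0)C0", BOTH),
    "GS1900-24HP":   ("V2.70(AAHM.0)C0", BOTH),
    "GS1900-24HPv2": ("V2.70(ABTP.0)C0", BOTH),
    "GS1900-48":     ("V2.70(AAHN.0)C0", BOTH),
    "GS1900-48HP":   ("V2.70(AAHO.0)C0", BOTH),
    "GS1900-48HPv2": ("V2.70(ABTQ.0)C0", BOTH),
    "XGS1210-12":    ("V1.00(ABTY.5)C0", ONLY_35031),
    "XGS1250-12":    ("V1.00(ABWE.1)C0", ONLY_35031),
}

# Assumed grammar, inferred from the table: V<major>.<minor>(<code>.<patch>)C<rev>
_VERSION_RE = re.compile(r"V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)")


class Version(NamedTuple):
    major: int
    minor: int
    code: str      # model-specific build code, e.g. AAHH for GS1900-8
    patch: int
    rev: int

    def ordinal(self):
        """Comparable tuple; the model code is checked separately."""
        return (self.major, self.minor, self.patch, self.rev)


def parse_version(text: str) -> Version:
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, code, patch, rev = m.groups()
    return Version(int(major), int(minor), code, int(patch), int(rev))


def assess(model: str, running: str):
    """Return (status, cves) for one device against the advisory table."""
    if model not in PATCHED:
        return ("NOT_IN_ADVISORY", ())
    fixed_text, cves = PATCHED[model]
    fixed = parse_version(fixed_text)
    current = parse_version(running)
    if current.code != fixed.code:
        # A different build code means this is not the image the advisory
        # tracks for the model; never silently report it as patched.
        return ("MODEL_CODE_MISMATCH", cves)
    if current.ordinal() >= fixed.ordinal():
        return ("PATCHED", ())
    return ("VULNERABLE", cves)


def scan(inventory):
    """Return every device that is not confirmed patched, as
    (name, model, status, cves) tuples, for follow-up."""
    findings = []
    for name, model, running in inventory:
        status, cves = assess(model, running)
        if status != "PATCHED":
            findings.append((name, model, status, cves))
    return findings


# Constructed sample inventory; V2.60 is the release the advisory names as affected.
SAMPLE_INVENTORY = [
    ("sw-floor1", "GS1900-8", "V2.60(AAHH.0)C0"),
    ("sw-floor2", "GS1900-24HP", "V2.70(AAHM.0)C0"),
    ("sw-lab", "XGS1210-12", "V1.00(ABTY.4)C0"),
    ("sw-dc", "UNKNOWN-MODEL", "V4.00(ZZZZ.0)C0"),   # placeholder, not a real model
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_INVENTORY):
        print(*finding)
```

Devices outside the table and images whose build code does not match are reported rather than skipped, since the advisory only covers models within their support period; anything it does not list needs a separate decision rather than an implicit "patched".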

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgment

Thanks to Jasper Lievisse Adriaanse for reporting the issue to us.

Revision history

2021-12-28: Initial release
