First published: Mon Jul 26 2021(Updated: )
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
Credit: security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel GS1900-8 firmware | <2.70 | |
Zyxel GS1900-8 | ||
Zyxel Gs1900-8hp Firmware | <2.70 | |
Zyxel Gs1900-8hp | ||
Zyxel GS1900-10HP firmware | <2.70 | |
Zyxel GS1900-10HP | ||
Zyxel Gs1900-16 Firmware | <2.70 | |
Zyxel Gs1900-16 | ||
Zyxel Gs1900-24e Firmware | <2.70 | |
Zyxel GS1900-24E | ||
Zyxel Gs1900-24ep Firmware | <2.70 | |
Zyxel GS1900-24EP | ||
Zyxel Gs1900-24 Firmware | <2.70 | |
Zyxel GS1900-24 | ||
Zyxel Gs1900-24hp Firmware | <2.70 | |
Zyxel Gs1900-24hp | ||
Zyxel Gs1900-24hpv2 Firmware | <2.70 | |
Zyxel Gs1900-24hpv2 | ||
Zyxel Gs1900-48 Firmware | <2.70 | |
Zyxel GS1900-48 | ||
Zyxel Gs1900-48hp Firmware | <2.70 | |
Zyxel Gs1900-48hp | ||
Zyxel Gs1900-48hpv2 Firmware | <2.70 | |
Zyxel Gs1900-48hpv2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-35030.
The severity level of CVE-2021-35030 is medium (4.3).
The Zyxel GS1900-8 firmware versions up to and excluding V2.70 are affected by CVE-2021-35030.
CVE-2021-35030 could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
You can find more information about CVE-2021-35030 at the Zyxel security advisory page: https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml