Command Injection Vulnerability in Zyxel VPN2S Firmware v1.12: Arbitrary OS Command Execution

Command Injection Vulnerability in Zyxel VPN2S Firmware v1.12: Arbitrary OS Command Execution

CVE-2021-35028 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

Learn more about our User Device Pen Test.