Cross-Site Scripting (XSS) Vulnerability in Zyxel GS1900-8 Firmware V2.60

Cross-Site Scripting (XSS) Vulnerability in Zyxel GS1900-8 Firmware V2.60

CVE-2021-35030 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.

Learn more about our User Device Pen Test.