Vulnerability Description
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Gs1900-8 Firmware | < 2.70 |
| Zyxel | Gs1900-8 | - |
| Zyxel | Gs1900-8Hp Firmware | < 2.70 |
| Zyxel | Gs1900-8Hp | - |
| Zyxel | Gs1900-10Hp Firmware | < 2.70 |
| Zyxel | Gs1900-10Hp | - |
| Zyxel | Gs1900-16 Firmware | < 2.70 |
| Zyxel | Gs1900-16 | - |
| Zyxel | Gs1900-24E Firmware | < 2.70 |
| Zyxel | Gs1900-24E | - |
| Zyxel | Gs1900-24Ep Firmware | < 2.70 |
| Zyxel | Gs1900-24Ep | - |
| Zyxel | Gs1900-24 Firmware | < 2.70 |
| Zyxel | Gs1900-24 | - |
| Zyxel | Gs1900-24Hp Firmware | < 2.70 |
| Zyxel | Gs1900-24Hp | - |
| Zyxel | Gs1900-24Hpv2 Firmware | < 2.70 |
| Zyxel | Gs1900-24Hpv2 | - |
| Zyxel | Gs1900-48 Firmware | < 2.70 |
| Zyxel | Gs1900-48 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GPatchVendor Advisory
- https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GPatchVendor Advisory
FAQ
What is CVE-2021-35030?
CVE-2021-35030 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-s...
How severe is CVE-2021-35030?
CVE-2021-35030 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35030?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.