Platform
zyxel
Component
usg-zywall-series-firmware
Fixed in
4.35.1
4.35.1
4.35.1
4.35.1
CVE-2021-35029 describes an authentication bypass vulnerability discovered in Zyxel USG/Zywall series firmware. This flaw allows a remote attacker to execute arbitrary commands on affected devices, potentially leading to complete system compromise. The vulnerability impacts firmware versions 4.35 through 5.01, including USG Flex, ATP, and VPN series. Zyxel has acknowledged the issue and is expected to release a patch.
The impact of CVE-2021-35029 is severe. Successful exploitation allows an attacker to bypass authentication and gain full control of the affected Zyxel firewall. This could involve modifying firewall rules, stealing sensitive data (user credentials, VPN configurations, network traffic logs), installing malware, or using the device as a pivot point to attack other systems on the network. Given the critical nature of firewalls in network security, a compromised device can have a wide-ranging impact, potentially exposing an entire organization to significant risk. The ability to execute arbitrary commands mirrors the impact of remote code execution (RCE) vulnerabilities, allowing attackers to perform virtually any action they desire on the system.
CVE-2021-35029 was publicly disclosed on July 2, 2021. While no public exploits have been widely reported, the critical severity and ease of exploitation (authentication bypass) suggest a high probability of exploitation. The vulnerability is tracked on CISA's KEV catalog, indicating a heightened concern. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting Zyxel devices.
Exploit Status
EPSS
0.20% (42% percentile)
CVSS Vector
The primary mitigation for CVE-2021-35029 is to upgrade to a patched firmware version as soon as it becomes available from Zyxel. Until a patch is applied, consider implementing temporary workarounds to reduce the attack surface. This might involve disabling remote management access via the web interface or restricting access to the management interface to specific IP addresses. Review firewall rules and logs for any suspicious activity. Implement multi-factor authentication (MFA) where possible to add an extra layer of security. Monitor network traffic for unusual patterns that might indicate an ongoing attack.
Update your Zyxel USG/Zywall device firmware to a version later than 5.01 to mitigate the authentication bypass vulnerability. Refer to the Zyxel website for the latest firmware updates and installation instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2021-35029 is a critical vulnerability allowing remote attackers to execute commands on Zyxel USG/Zywall firewalls running versions 4.35 through 5.01.
If you are using Zyxel USG/Zywall firmware versions 4.35 through 5.01, you are potentially affected by this vulnerability. Check your firmware version immediately.
Upgrade to the latest patched firmware version as soon as it is available from Zyxel. Until then, implement temporary workarounds like restricting remote management access.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of active exploitation. Monitor your systems closely.
Refer to the Zyxel security advisory on their support portal: https://www.zyxel.com/support/security-advisories.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.