Platform: zyxel
Component: usg-zywall-series-firmware
Fixed in: 4.35.1
CVE-2021-35029 describes an authentication bypass vulnerability discovered in Zyxel USG/Zywall series firmware. This flaw allows a remote attacker to execute arbitrary commands on affected devices, potentially leading to complete system compromise. The vulnerability impacts firmware versions 4.35 through 5.01, including USG Flex, ATP, and VPN series. Zyxel has acknowledged the issue and is expected to release a patch.
The impact of CVE-2021-35029 is severe. Successful exploitation allows an attacker to bypass authentication and gain full control of the affected Zyxel firewall. This could involve modifying firewall rules, stealing sensitive data (user credentials, VPN configurations, network traffic logs), installing malware, or using the device as a pivot point to attack other systems on the network. Given the critical nature of firewalls in network security, a compromised device can have a wide-ranging impact, potentially exposing an entire organization to significant risk. The ability to execute arbitrary commands mirrors the impact of remote code execution (RCE) vulnerabilities, allowing attackers to perform virtually any action they desire on the system.
CVE-2021-35029 was publicly disclosed on July 2, 2021. While no public exploits have been widely reported, the critical severity and ease of exploitation (authentication bypass) suggest a high probability of exploitation. The vulnerability is tracked on CISA's KEV catalog, indicating a heightened concern. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting Zyxel devices.
Organizations relying on Zyxel USG/Zywall series firewalls for network security are at significant risk. This includes small to medium-sized businesses (SMBs), remote offices, and any organization using these devices to protect their network perimeter. Shared hosting environments utilizing Zyxel firewalls are particularly vulnerable, as a compromise of one device could potentially impact multiple tenants.
• linux / server:
  journalctl -u zyxel-firewall | grep -i "authentication bypass"
• generic web:
  curl -I https://<zywall_ip>/ | grep -i "server: zyxel"
• zyxel: Check the Zyxel support portal for specific detection signatures or IDS/IPS rules related to CVE-2021-35029.
disclosure
discovery
Exploit Status
EPSS: 0.20% (42% percentile)
CVSS-vector
The primary mitigation for CVE-2021-35029 is to upgrade to a patched firmware version as soon as it becomes available from Zyxel. Until a patch is applied, consider implementing temporary workarounds to reduce the attack surface. This might involve disabling remote management access via the web interface or restricting access to the management interface to specific IP addresses. Review firewall rules and logs for any suspicious activity. Implement multi-factor authentication (MFA) where possible to add an extra layer of security. Monitor network traffic for unusual patterns that might indicate an ongoing attack.
Update the firmware of your Zyxel USG/Zywall device to a version later than 5.01 to mitigate the authentication bypass vulnerability. Consult the Zyxel website for the latest firmware updates and installation instructions.
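The first step in the mitigation above is knowing which devices actually run firmware in the affected range. The following is an added example, not code from this page or from Zyxel: it parses a firmware version string, compares it against the affected range stated here (4.35 through 5.01, inclusive), and triages a small inventory. The version-string layout it accepts (a bare "4.35" or a "V5.02(ABUS.0)"-style label) and the hostnames and versions in the sample inventory are assumptions constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Affected range as stated on this page: 4.35 through 5.01, inclusive.
AFFECTED_MIN = (4, 35)
AFFECTED_MAX = (5, 1)

# Assumed label layouts: "4.35", "5.01", "V5.02(ABUS.0)", "ZLD V4.60(ABUS.1)b2".
# The first "major.minor" pair in the string is taken as the firmware version;
# the two-digit minor is read as an integer so that 5.01 < 5.02 < 5.10.
_VERSION_RE = re.compile(r"V?(\d+)\.(\d+)")


def parse_zld_version(label: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) for a firmware label, or None if no version is found."""
    m = _VERSION_RE.search(label)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_affected(label: str) -> bool:
    """True if the firmware version lies inside the affected range on this page."""
    version = parse_zld_version(label)
    if version is None:
        raise ValueError(f"cannot parse firmware version from {label!r}")
    return AFFECTED_MIN <= version <= AFFECTED_MAX


# Constructed sample inventory (hostname, firmware label); not real devices.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "ZLD V4.60(ABUS.1)"),
    ("fw-hq-edge", "V5.02(ABUS.0)"),
    ("fw-lab", "4.35"),
    ("fw-dc-02", "V5.01(ABUS.0)b2"),
    ("fw-unknown", "n/a"),
]


def triage_inventory(inventory) -> List[Tuple[str, str]]:
    """Label each host as affected / not affected / unknown, preserving input order.

    A label that cannot be parsed is reported as 'unknown' rather than silently
    treated as safe, so it still lands on the follow-up list.
    """
    result = []
    for host, label in inventory:
        try:
            status = "affected" if is_affected(label) else "not affected"
        except ValueError:
            status = "unknown"
        result.append((host, status))
    return result


def affected_hosts(inventory) -> List[str]:
    """Hostnames that must be upgraded (or have remote management restricted) first."""
    return [host for host, status in triage_inventory(inventory) if status == "affected"]


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

Unparsable labels are deliberately reported as "unknown" instead of being dropped: an inventory gap is itself a finding when a perimeter device may be running affected firmware.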
CVE-2021-35029 is a critical vulnerability allowing remote attackers to execute commands on Zyxel USG/Zywall firewalls running versions 4.35 through 5.01.
If you are using Zyxel USG/Zywall firmware versions 4.35 through 5.01, you are potentially affected by this vulnerability. Check your firmware version immediately.
Upgrade to the latest patched firmware version as soon as it is available from Zyxel. Until then, implement temporary workarounds like restricting remote management access.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of active exploitation. Monitor your systems closely.
Refer to the Zyxel security advisory on their support portal: https://www.zyxel.com/support/security-advisories.