CVE-2021-35029

Improper Authentication (CWE-287)

Published: Jul 2, 2021 / Updated: 41mo ago

CVSS 9.8 (Critical) | EPSS 0.5%

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2021-35029.

Jul 2, 2021 at 11:45 AM / twitter.com
EPSS

EPSS Score was set to: 0.5% (Percentile: 73.4%)

Sep 15, 2023 at 5:19 AM

Affected Systems

Zyxel/zywall_vpn50_firmware

Patches

www.zyxel.com

Links to MITRE ATT&CK

T1548: Abuse Elevation Control Mechanism

Attack Patterns

CAPEC-114: Authentication Abuse

References

Zyxel security advisory for attacks against security appliances | Zyxel
Based on our investigation, the threat actors attempt to access a device through WAN; if successful, they then try to log in with stolen, valid credentials or bypass authentication, and to establish SSL VPN tunnels with existing or newly created users accounts, such as “zyxel_sllvpn”, “zyxel_ts”, or “zyxel_vpn_test”, to manipulate the devices’ configuration. Zyxel has been tracking the recent activity of threat actors targeting Zyxel security appliances and has released firmware patches to defend against it.
Security Vulnerability Alert and Firmware Patches - Firewall Series – Zyxel Support Campus EMEA
Also helps users enforce security policies against access to the web management interface and the SSL VPN service from the Internet.
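The advisory excerpt above gives two things a practitioner can act on immediately: the firmware ranges the CVE description lists as affected, and the account names Zyxel says the threat actor created on compromised devices. The following triage script is an added example, not Zyxel's code and not from this page; it assumes a device inventory in a simple dict format and firmware strings whose first "N.NN" token is the firmware version (both labelled as assumptions in the code), and it uses only the ranges and account names stated on this page. The fixed firmware release is not stated here, so the script only reports "in affected range" and leaves confirming the patched version to Zyxel's advisory.

```python
import re

# Affected firmware ranges, inclusive, as stated in the CVE description
# on this page: (major, minor) tuples per product family.
AFFECTED_RANGES = {
    "USG/ZyWALL": ((4, 35), (4, 64)),
    "USG FLEX": ((4, 35), (5, 1)),    # 5.01 -> (5, 1)
    "ATP": ((4, 35), (5, 1)),
    "VPN": ((4, 35), (5, 1)),
}

# Account names Zyxel's advisory lists as created by the threat actor
# (spelling as printed in the advisory excerpt).
IOC_ACCOUNTS = {"zyxel_sllvpn", "zyxel_ts", "zyxel_vpn_test"}

# Assumption: the firmware string carries the version as the first
# "digits.digits" token, e.g. "V4.60(XXXX.0)"; nothing after it is used.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def parse_version(firmware):
    """Return (major, minor) ints from the first N.NN token in a firmware string."""
    m = _VERSION_RE.search(firmware)
    if not m:
        raise ValueError(f"no version number found in {firmware!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(family, firmware):
    """True if the firmware falls inside the affected range for the family."""
    lo, hi = AFFECTED_RANGES[family]
    return lo <= parse_version(firmware) <= hi


def suspicious_accounts(accounts):
    """Return the configured account names that match the advisory IOC names."""
    return sorted(a for a in accounts if a.lower() in IOC_ACCOUNTS)


def triage(inventory):
    """Walk an inventory of devices and return (host, [findings]) for each
    device that is in the affected range and/or carries an IOC account.
    Assumed inventory format: dicts with host, family, firmware, accounts."""
    results = []
    for dev in inventory:
        findings = []
        if is_affected(dev["family"], dev["firmware"]):
            findings.append("firmware in CVE-2021-35029 affected range")
        iocs = suspicious_accounts(dev["accounts"])
        if iocs:
            findings.append("advisory IOC accounts present: " + ", ".join(iocs))
        if findings:
            results.append((dev["host"], findings))
    return results


# Constructed sample inventory for illustration; not real devices or versions.
SAMPLE_INVENTORY = [
    {"host": "fw-branch-1", "family": "USG FLEX", "firmware": "V5.00(XXXX.0)",
     "accounts": ["admin", "zyxel_ts", "vpnuser1"]},
    {"host": "fw-hq", "family": "USG/ZyWALL", "firmware": "V4.65(XXXX.0)",
     "accounts": ["admin"]},
    {"host": "fw-branch-2", "family": "ATP", "firmware": "V4.35(XXXX.0)",
     "accounts": ["admin", "ops"]},
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_INVENTORY):
        print(host)
        for f in findings:
            print("  -", f)
```

An unexpected account from the IOC list is a stronger signal than the version check alone: the advisory describes the actor logging in with stolen credentials as well as bypassing authentication, so a device that was already updated can still carry an attacker-created account. Treat any hit as a prompt to review the configuration and SSL VPN user list, not just to patch.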

News

From Patch to Exploit: #CVE-2021-35029 - Pre-Auth RCE. We will release more details in the near future. #zyxel #ghidra #bindiff - Alessio Dalla Piazza (@alessio_dp) 00:21 - Aug 20, 2021
Günter Born (@etguenni) retweeted: ZyXEL has released patches to address this attack, including a fix for the zero-day vulnerability, which also received the CVE-2021-35029 identifier. See here: zyxel.com/support/Zyxel_… twitter.com/campuscodi/sta… - Catalin Cimpanu (@campuscodi) 05:08 - Aug 11, 2021 Quoted Tweet: Scoop: Zyxel says a "sophisticated threat actor" is targeting its enterprise firewall and VPN devices 👀 therecord.media/zyxel-says-a-t… - Catalin Cimpanu (@campuscodi) 03:53 - Jun 24, 2021
Zyxel says a threat actor is targeting its enterprise firewall and VPN devices
“We recently became aware of a sophisticated threat actor targeting a small subset of Zyxel security appliances that have remote management or SSL VPN enabled,” the company said in an email seen by The Record. Networking equipment vendor Zyxel has emailed customers this week to alert them about a series of attacks that have been targeting some of the company’s high-end enterprise-focused firewall and VPN server products.
🚨 NEW: CVE-2021-35029 🚨 An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versio... Severity: CRITICAL nvd.nist.gov/vuln/detail/CV… - Threat Intel Center (@threatintelctr) 11:30 - Jul 08, 2021

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
