Cross-site Scripting Flaw in Zyxel GS1900 Series Switches
CVE-2021-35030

3.5 LOW

Key Information:

Vendor: Zyxel
CVE Published: 27 July 2021

Summary

The CGI program in the Zyxel GS1900-8 switch firmware (V2.60) does not properly sanitize packet contents. An authenticated local user can exploit this with a specially crafted LLDP packet to carry out a cross-site scripting (XSS) attack, posing risks to network integrity and user data.

Affected Version(s)

GS1900-8 Firmware 2.60

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
