Zyxel security advisory for OS command injection vulnerability of NWA1100-NH access point

CVE: CVE-2021-4039

 

Summary

Zyxel has released a patch addressing an OS command injection vulnerability in the NWA1100-NH access point. Users are advised to install it for optimal protection.

 

What is the vulnerability?

An OS command-injection vulnerability in the NWA1100-NH access point could allow an attacker to execute arbitrary OS commands via the web interface of the vulnerable device.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only one vulnerable product and released a firmware patch to address the issue, as shown in the table below.

Affected model

Patch availability

NWA1100-NH

2.12(AASI.3)C0

 

Got a question or a tipoff?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

 

If you want to be informed of any other new security vulnerability, please check and follow this KB:

Zyxel-Security-Advisories-CVE

You can click the "Follow" button on the top of this article to get this article's updates.

security_1.png

 

Acknowledgment

Thanks to Ahmed Alroky for reporting the issue to us.

Revision history

2022-03-01: Initial release

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.