CVE-2021-4039

CRITICAL EXPLOITED IN THE WILD

Zyxel NWA-1100-NH - Command Injection

Title source: llm

Description

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.

Exploits (1)

exploitdb WORKING POC

by Ahmed Alroky · textremotehardware

https://www.exploit-db.com/exploits/50870

View Code ZIP pw:eip

References (2)

[Exploit, Release Notes, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166752/Zyxel-NWA-1100-NH-Command-Injection.html

[Patch, Vendor Advisory] https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml

Scores

CVSS v3 9.8

EPSS 0.6089

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-05-26

InTheWild.io 2022-05-26

CWE

CWE-78

Status published

Products (1)

zyxel/nwa1100-nh_firmware < 2.12\(aasi.3\)c0

Published Mar 01, 2022

Tracked Since Feb 18, 2026