Skip to main content

Gs1900 24Ep Firmware

9 CVEs product

Monthly

CVE-2026-7273 HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow Gs1900 48Hpv2 Firmware Gs1900 8 Firmware +8
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8882 MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Gs1900 8 Firmware Gs1900 8Hp Firmware +8
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-8881 MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-38270 MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35140 MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34746 MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-35032 HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-35031 HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +11
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-35030 MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
4.3
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 4.5
MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware +9
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware +9
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +11
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +13
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy