Zyxel security advisory for missing authorization vulnerability in GS1200v3 series switches
CVE: CVE-2026-4795
Summary
Zyxel has released patches for GS1200v3 series switches affected by a missing authorization vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
A missing authorization vulnerability in the Zyxel GS1200v3 series switch firmware could allow a LAN-based unauthenticated attacker to read the system configuration from a log file via a crafted HTTP request.
What versions are vulnerable—and what should you do?
After a thorough investigation, we identified the vulnerable switch firmware versions and released patches for models still within their vulnerability support period, as shown in the table below. Please note that on-market products not listed in the table remain unaffected.
| Affected model | Affected version | Patch availability |
|---|---|---|
| GS1200-5v3 | 1.00(ACPS.2)C0 and earlier | 1.00(ACPS.3)C0 |
| GS1200-8v3 | 1.00(ACPT.2)C0 and earlier | 1.00(ACPT.3)C0 |
| GS1200-5HPv3 | 1.00(ACPU.2)C0 and earlier | 1.00(ACPU.3)C0 |
| GS1200-8HPv3 | 1.00(ACPV.2)C0 and earlier | 1.00(ACPV.3)C0 |
| GS1200-10v3 | 1.00(ACPW.2)C0 and earlier | 1.00(ACPW.3)C0 |
Got a question?
Please contact your local service rep or visit Zyxel's Community for further information or assistance.
Acknowledgment
Thanks to Pierre Hauweele for reporting the issue to us.
Revision history
2026-5-26: Initial release