Zyxel security advisory for OS command injection vulnerability of NWA1100-NH access point

CVE: CVE-2021-4039

Summary

Zyxel has released a patch addressing an OS command injection vulnerability in the NWA1100-NH access point. Users are advised to install it for optimal protection.

What are the vulnerabilities?

An OS command-injection vulnerability in the NWA1100-NH access point could allow an attacker to execute arbitrary OS commands via the web interface of the vulnerable device.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only one vulnerable product and released a firmware patch to address the issue, as shown in the table below.

Affected model	Patch availability
NWA1100-NH	2.12(AASI.3)C0

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgment

Thanks to Ahmed Alroky for reporting the issue to us.

Revision history

2022-03-01: Initial release

Security

Networking

Service and License

Home Connectivity

Success Stories

Organization Sizes

Use Cases

Technologies

What’s New?

Support

Training

Buy Online

Locate Partners

Select Your Location

Africa

Asia

Central America

Europe

Middle East

North America

Oceania

South America

Zyxel security advisory for OS command injection vulnerability of NWA1100-NH access point

Have a question?