{"vulnerability": "CVE-2021-3502", "sightings": [{"uuid": "72dee556-05dc-49b0-aff2-1de4f395a070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35028", "type": "seen", "source": "https://t.me/cibsecurity/29622", "content": "\u203c CVE-2021-35028 \u203c\n\nA command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T14:36:46.000000Z"}, {"uuid": "7d66e0fe-c803-4de9-aafe-e9b90f536df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-35029", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_18/2021", "content": "", "creation_timestamp": "2021-06-28T13:17:23.000000Z"}, {"uuid": "c60ecdfc-0443-4f07-ae92-d45499606542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35027", "type": "seen", "source": "https://t.me/cibsecurity/29626", "content": "\u203c CVE-2021-35027 \u203c\n\nA directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-29T14:36:51.000000Z"}, {"uuid": "54b38f42-3199-45cd-a27c-7c9ea028cf7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35029", "type": "seen", "source": "https://t.me/cibsecurity/25886", "content": "\u203c CVE-2021-35029 \u203c\n\nAn authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-02T14:32:57.000000Z"}]}