Zyxel has released patches addressing OS command injection vulnerabilities (CVE-2021-35031, CVE-2021-35032) in the GS1900, XGS1210, and XGS1250 series of switches. These vulnerabilities could allow a remote authenticated attacker to execute arbitrary commands on the system.

More information on vulnerabilities and updates is available in Zyxel security advisory - zyxel.com.