Lucene search
PRIOn knowledge basePRION:CVE-2020-29299HistoryDec 27, 2020 - 6:15 a.m.
Command injection
2020-12-2706:15:00
PRIOn knowledge base
www.prio-n.com
3
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nsg_firmware | lt | 1.33 | |
| nsg_firmware | eq | 1.33 patch1 | |
| nsg_firmware | eq | 1.33 | |
| vpn_orchestrator | lt | 10.03 | |
| zld | lt | 4.39 | |
| zld | lt | 4.55 | |
| zld | lt | 4.55 | |
| zld | lt | 4.39 |
Related
cvelist
cvelist
CVE-2020-29299
2020-12-27 05:51:45
cve
cve
CVE-2020-29299
2020-12-27 06:15:12
nvd
nvd
CVE-2020-29299
2020-12-27 06:15:12