4 matches found
VulnCheck KEV: CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from...
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
Zyxel has released software updates to address a critical security flaw impacting certain access point AP and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 CVSS score: 9.8, the vulnerability has been described as a case of operating...
CVE-2024-42057
creationtimestamp| type| source ---|---|--- 2024-09-03 04:55:48+00:00| seen| https://t.me/cvedetector/4663 2024-09-04 12:00:00+00:00| seen| https://t.me/truesecator/6165 2024-09-05 08:37:49+00:00| seen| https://vulnerability.circl.lu/bundle/c854b418-a4e1-4135-958a-a523843c27f0 2024-11-19...
CVE-2024-42057
CVE-2024-42057 affects Zyxel Zyxel ATP and USG FLEX/USG FLEX 50(W)/USG20(W)-VPN firmware from V4.16–V5.38 (and V4.32–V5.38 for ATP/USG), with an unauthenticated OS command injection via a crafted username. The root cause is in the IPSec VPN feature; successful exploitation requires User-Based-PSK...