Lucene search
K

376 matches found

RedhatCVE
RedhatCVE
added 2026/02/06 7:7 a.m.6 views

CVE-2025-11730

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

7.2CVSS5.7AI score0.01354EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 2:15 a.m.11 views

CVE-2025-11730

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

7.2CVSS0.01354EPSS
Exploits0References1
CVE
CVE
added 2026/02/05 1:55 a.m.15 views

CVE-2025-11730

CVE-2025-11730 is a post-authentication command-injection vulnerability in Zyxel DDNS CLI across Zyxel ATP series (V5.35–V5.41), USG FLEX series (V5.35–V5.41), USG FLEX 50(W) (V5.35–V5.41), and USG20(W)-VPN (V5.35–V5.41). The issue allows an authenticated administrator to execute OS commands on a...

7.2CVSS5.7AI score0.01354EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 1:55 a.m.31 views

CVE-2025-11730

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

7.2CVSS0.01354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 1:55 a.m.4 views

CVE-2025-11730

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

7.2CVSS5.6AI score0.01354EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/05 1:55 a.m.3 views

CVE-2025-11730

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

7.2CVSS5.7AI score0.01354EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 2026/02/05 1:55 a.m.6 views

EUVD-2025-206867

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

7.2CVSS5.7AI score0.01354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.5 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.9 views

PT-2026-5873

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V5.35 through V5.41 Zyxel USG FLEX series versions V5.35 through V5.41 Zyxel USG FLEX 50W series versions V5.35 through V5.41 Zyxel USG20W-VPN series versions V5.35 through V5.41 Description A post-authentication...

9CVSS5.5AI score0.01354EPSS
Exploits0References18
OSV
OSV
added 2026/02/03 3:15 a.m.4 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

3.7CVSS5.9AI score0.00156EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 3:15 a.m.5 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

5.9CVSS5.9AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 3:15 a.m.8 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 2:26 a.m.33 views

CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 2:26 a.m.15 views

CVE-2026-24934

CVE-2026-24934 describes an insecure DDNS WAN-IP lookup in ADM firmware. The DDNS function uses HTTP or fails to validate the SSL/TLS certificate when querying an external server for the device’s WAN IP, enabling an unauthenticated MitM attacker to spoof the response and cause the device to updat...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/03 2:26 a.m.7 views

EUVD-2026-5285

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:26 a.m.5 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/03 2:19 a.m.9 views

EUVD-2026-5283

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.11 views

PT-2026-5766

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-5764

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References2
Fedora
Fedora
added 2026/01/16 5:53 p.m.10 views

[SECURITY] Fedora 42 Update: foomuuri-0.31-1.fc42

Foomuuri is a firewall generator for nftables based on the concept of zones. It is suitable for all systems from personal machines to corporate firewalls, and supports advanced features such as a rich rule language, IPv4/IPv6 rule splitting, dynamic DNS lookups, a D-Bus API and FirewallD emulatio...

7CVSS7AI score0.00171EPSS
Exploits0
Rows per page
Query Builder