20 matches found
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
EUVD-2025-12335
Malicious code in bioql PyPI...
Zyxel USG FLEX H Series Firewall < 1.32 Privilege Escalation
Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The improper privilege management vulnerability in the recovery function of certain USG FLEX H series uOS firmware versions could allow an authenticated loca...
Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Exploit Title: Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation Date: 2025-04-23 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.zyxel.com/ Version: Zyxel uOS V1.31 see https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-...
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-1732
CVE-2025-1732: Zyxel USG FLEX H series uOS
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
PT-2025-17479 · Unknown · Usg Flex H Series +1
Name of the Vulnerable Software and Affected Versions: USG FLEX H series uOS firmware versions from V1.20 through V1.31 Description: An incorrect permission assignment vulnerability in the PostgreSQL commands could allow an authenticated local attacker with low privileges to gain access to the...
PT-2025-17480 · Unknown · Usg Flex H Series
Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX H series uOS versions V1.31 and earlier Description: An improper privilege management issue in the recovery function could allow an authenticated local attacker with administrator privileges to upload a crafted configuration fi...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2024-9677
Affected: Zyxel USG FLEX H series devices running uOS firmware v1.21 and earlier. Vulnerable component: CLI commands where credentials are insufficiently protected, enabling an authenticated local attacker to escalate privileges by stealing a login administrator’s authentication token if the admi...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2023-6399
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...
CVE-2017-8974
A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found...
CVE-2017-5803
A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found...
HPE NonStop Server L-Series, J-Series, and H-series Products Local Security Bypass Vulnerability
HPE NonStop Server L-Series, J-Series, and H-series are all different families of fault-tolerant server products from Hewlett Packard Enterprise (HPE). A local security bypass vulnerability exists in the HPE NonStop Server L-Series, J-Series, and H-series products. A local attacker could exploit th...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...