20 matches found
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
EUVD-2025-12335
Malicious code in bioql PyPI...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
Zyxel USG FLEX H Series Firewall < 1.32 Privilege Escalation
Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The improper privilege management vulnerability in the recovery function of certain USG FLEX H series uOS firmware versions could allow an authenticated loca...
Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Exploit Title: Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation Date: 2025-04-23 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.zyxel.com/ Version: Zyxel uOS V1.31 see https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-= =3D...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1732
CVE-2025-1732: Zyxel USG FLEX H series uOS
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
PT-2025-17479 · Unknown · Usg Flex H Series +1
Name of the Vulnerable Software and Affected Versions: USG FLEX H series uOS firmware versions from V1.20 through V1.31 Description: An incorrect permission assignment vulnerability in the PostgreSQL commands could allow an authenticated local attacker with low privileges to gain access to the...
PT-2025-17480 · Unknown · Usg Flex H Series
Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX H series uOS versions V1.31 and earlier Description: An improper privilege management issue in the recovery function could allow an authenticated local attacker with administrator privileges to upload a crafted configuration fi...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
CVE-2024-9677
Affected: Zyxel USG FLEX H series devices running uOS firmware v1.21 and earlier. Vulnerable component: CLI commands where credentials are insufficiently protected, enabling an authenticated local attacker to escalate privileges by stealing a login administrator’s authentication token if the admi...
CVE-2024-9677
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...
The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed networking devices of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP allows a perpetrator to execute arbitrary commands.
The vulnerability of the File Transfer Protocol FTP implementation in microprogrammed network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...
CVE-2023-6399
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...