Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.13 views

CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...

6.7CVSS6.5AI score0.002EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.21 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8CVSS7.7AI score0.0093EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-12335

Malicious code in bioql PyPI...

6.7CVSS6.4AI score0.002EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:15 a.m.6 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

7.8CVSS7.2AI score0.00154EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/21 12:0 a.m.5 views

Zyxel USG FLEX H Series Firewall < 1.32 Privilege Escalation

Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The improper privilege management vulnerability in the recovery function of certain USG FLEX H series uOS firmware versions could allow an authenticated loca...

6.7CVSS5.5AI score0.002EPSS
Exploits2References2
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.379 views

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation

Exploit Title: Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation Date: 2025-04-23 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.zyxel.com/ Version: Zyxel uOS V1.31 see https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-= =3D...

7.8CVSS7AI score0.0093EPSS
Exploits2
NVD
NVD
added 2025/04/22 3:15 a.m.42 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8CVSS0.0093EPSS
Exploits2References2
CVE
CVE
added 2025/04/22 1:57 a.m.62 views

CVE-2025-1732

CVE-2025-1732: Zyxel USG FLEX H series uOS

6.7CVSS6.6AI score0.002EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2025/04/22 1:57 a.m.34 views

CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...

6.7CVSS0.002EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/22 1:57 a.m.12 views

CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...

6.7CVSS6.8AI score0.002EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/22 1:52 a.m.11 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8CVSS7.9AI score0.0093EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/04/22 1:52 a.m.39 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8CVSS0.0093EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.4 views

PT-2025-17479 · Unknown · Usg Flex H Series +1

Name of the Vulnerable Software and Affected Versions: USG FLEX H series uOS firmware versions from V1.20 through V1.31 Description: An incorrect permission assignment vulnerability in the PostgreSQL commands could allow an authenticated local attacker with low privileges to gain access to the...

7.8CVSS7.7AI score0.0093EPSS
Exploits2References34
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.8 views

PT-2025-17480 · Unknown · Usg Flex H Series

Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX H series uOS versions V1.31 and earlier Description: An improper privilege management issue in the recovery function could allow an authenticated local attacker with administrator privileges to upload a crafted configuration fi...

6.7CVSS7.4AI score0.002EPSS
Exploits2References17
NVD
NVD
added 2024/10/22 2:15 a.m.17 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

7.8CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/22 1:19 a.m.14 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

5.5CVSS7.7AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 2024/10/22 1:19 a.m.48 views

CVE-2024-9677

Affected: Zyxel USG FLEX H series devices running uOS firmware v1.21 and earlier. Vulnerable component: CLI commands where credentials are insufficiently protected, enabling an authenticated local attacker to escalate privileges by stealing a login administrator’s authentication token if the admi...

7.8CVSS7.5AI score0.00154EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/22 1:19 a.m.15 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

5.5CVSS0.00154EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/02/29 12:0 a.m.7 views

The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed networking devices of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP allows a perpetrator to execute arbitrary commands.

The vulnerability of the File Transfer Protocol FTP implementation in microprogrammed network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...

8.3CVSS7.5AI score0.01333EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/20 1:42 a.m.15 views

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

5.7CVSS6.6AI score0.00649EPSS
Exploits0References1
Rows per page
Query Builder