3 matches found
CVE-2023-22914
A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...
CVE-2023-22914
A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...
CVE-2023-22914
CVE-2023-22914 affects Zyxel USG FLEX (firmware 4.50–5.35) and VPN series (4.30–5.35). The root cause is a path traversal in account_print.cgi that can let a remote authenticated administrator execute OS commands in the tmp directory by uploading a crafted file when the hotspot function is enable...