Lucene search
K

52 matches found

CVE
CVE
added 2024/11/27 9:39 a.m.290 views

CVE-2024-11667

CVE-2024-11667 involves a directory traversal flaw in Zyxel firewalls' web management interface (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN) affecting firmware V5.00–V5.38 (and related ranges). The vulnerability could allow an attacker to download or upload files via a crafted URL, with impact t...

9.8CVSS6.9AI score0.03017EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/11/27 12:0 a.m.136 views

CVE-2024-11667

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50W series firmware versions V5.10 through V5.38, and USG20W-VPN series firmware versions V5.10 through...

9.8CVSS7AI score0.03017EPSS
In wildExploits0References3
NVD
NVD
added 2024/09/03 3:15 a.m.45 views

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

6.1CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.32 views

CVE-2024-42057

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

8.1CVSS0.0132EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.29 views

CVE-2024-42059

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...

7.2CVSS0.01339EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.30 views

CVE-2024-42060

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS0.01339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/03 1:59 a.m.16 views

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

6.1CVSS5.2AI score0.00295EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 1:59 a.m.66 views

CVE-2024-42061

CVE-2024-42061 is a documented reflected cross-site scripting (XSS) vulnerability in Zyxel devices. The CGI program \

6.1CVSS5.2AI score0.00295EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/03 1:54 a.m.15 views

CVE-2024-42060

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS7.6AI score0.01339EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 1:54 a.m.61 views

CVE-2024-42060

CVE-2024-42060 is a post-authentication command-injection vulnerability in Zyxel devices, affecting firmware ranges: ATP v4.32–5.38 , USG FLEX v4.50–5.38 , USG FLEX 50(W) v4.16–5.38 , and USG20(W)-VPN v4.16–5.38 . An authenticated administrator can upload a crafted internal user agreement file to...

7.2CVSS7.7AI score0.01339EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/03 1:54 a.m.33 views

CVE-2024-42060

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS0.01339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/03 1:51 a.m.25 views

CVE-2024-42059

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...

7.2CVSS0.01339EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 1:51 a.m.61 views

CVE-2024-42059

CVE-2024-42059 affects Zyxel devices including ATP series firmware V5.00–V5.38, USG FLEX series V5.00–V5.38, USG FLEX 50(W) V5.00–V5.38, and USG20(W)-VPN V5.00–V5.38. The issue is a post-authentication command-injection vulnerability in the FTP handling that allows an authenticated administrator ...

7.2CVSS7.7AI score0.01339EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/03 1:47 a.m.15 views

CVE-2024-42058

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V5.20 through V5.38, and USG20W-VPN series firmware versions from V5.20 through V5.38 cou...

7.5CVSS7AI score0.00621EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 1:47 a.m.58 views

CVE-2024-42058

CVE-2024-42058 is a null pointer dereference vulnerability in Zyxel devices: Zyxel ATP firmware v4.32–v5.38, USG FLEX v4.50–v5.38, USG FLEX 50(W) v5.20–v5.38, and USG20(W)-VPN v5.20–v5.38. It allows an unauthenticated attacker to cause DoS by sending crafted packets, with network attack vector an...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/03 1:43 a.m.26 views

CVE-2024-42057

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

8.1CVSS0.0132EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/03 1:28 a.m.24 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

4.9CVSS0.00605EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 1:28 a.m.62 views

CVE-2024-6343

CVE-2024-6343 is a buffer overflow in the CGI program of Zyxel ATP/USG firmware (V4.32–V5.38; USG FLEX V4.50–V5.38; USG FLEX 50(W) V4.16–V5.38; USG20(W)-VPN V4.16–V5.38). An authenticated administrator can trigger denial of service by sending a crafted HTTP request to a vulnerable device. The iss...

4.9CVSS7.2AI score0.00605EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/03 1:28 a.m.16 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

4.9CVSS7.2AI score0.00605EPSS
Exploits0References1
Prion
Prion
added 2024/02/20 2:15 a.m.25 views

Format string

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

2.7CVSS7.1AI score0.00649EPSS
Exploits0References1
Rows per page
Query Builder