Lucene search
+L

443 matches found

NVD
NVD
added 2024/10/22 2:15 a.m.18 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

7.8CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/22 1:19 a.m.15 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

5.5CVSS7.7AI score0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/22 1:19 a.m.19 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

5.5CVSS0.00154EPSS
Exploits0References1
CVE
CVE
added 2024/10/22 1:19 a.m.49 views

CVE-2024-9677

Affected: Zyxel USG FLEX H series devices running uOS firmware v1.21 and earlier. Vulnerable component: CLI commands where credentials are insufficiently protected, enabling an authenticated local attacker to escalate privileges by stealing a login administrator’s authentication token if the admi...

7.8CVSS7.5AI score0.00154EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.9 views

Zyxel USG FLEX 安全漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX that stems from inadequate protection against credentials in CLI...

7.8CVSS7AI score0.00154EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/16 12:0 a.m.6 views

The vulnerability of the microprogrammed software of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN devices allows a hacker to execute arbitrary commands.

The vulnerability of the microprogrammed network devices Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

9CVSS6.2AI score0.01339EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/09/11 12:0 a.m.11 views

The vulnerability of CGI microprogramming software for network devices such as Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN allows a hacker to cause service interruptions.

The vulnerability of CGI microprogramming software for network devices such as Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to cause service interruptions by sending a...

6.8CVSS5.8AI score0.00605EPSS
Exploits0References5Affected Software4
Tenable Nessus
Tenable Nessus
added 2024/09/06 12:0 a.m.13 views

Zyxel USG FLEX 4.20 < 5.39 DoS

The Firmware version of the Zyxel USG FLEX device is affected by a denial of service vulnerability. A null pointer dereference vulnerability in some firewall versions could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device. Note that Nessu...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/06 12:0 a.m.14 views

Zyxel USG FLEX 4.50 < 5.39 / ATP 4.32 < 5.39 Multiple Vulnerabilities

The Firmware version of the Zyxel USG / ATP device is affected by multiple vulnerabilities: - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series...

8.1CVSS6.4AI score0.01339EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/09/06 12:0 a.m.16 views

Zyxel USG FLEX 5.00 < 5.39 / ATP 5.00 < 5.39 Command Injection

The Firmware version of the Zyxel USG / ATP device is affected by a post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed...

7.2CVSS6.2AI score0.01339EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/06 12:0 a.m.36 views

Zyxel USG FLEX 4.16 < 5.39 Multiple Vulnerabilities

The Firmware version of the Zyxel USG FLEX device is affected by multiple vulnerabilities: - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series...

8.1CVSS6.4AI score0.01339EPSS
Exploits0References5
NVD
NVD
added 2024/09/03 3:15 a.m.45 views

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

6.1CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 3:15 a.m.44 views

CVE-2024-7261

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...

9.8CVSS0.11408EPSS
Exploits0References1
OSV
OSV
added 2024/09/03 3:15 a.m.5 views

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

6.1CVSS5.7AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2024/09/03 3:15 a.m.7 views

CVE-2024-7261

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...

9.8CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2024/09/03 2:15 a.m.6 views

CVE-2024-7203

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system OS commands on a...

7.2CVSS5.9AI score0.01339EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.23 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

4.9CVSS0.00605EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.22 views

CVE-2024-7203

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system OS commands on a...

7.2CVSS0.01339EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.21 views

CVE-2024-42058

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V5.20 through V5.38, and USG20W-VPN series firmware versions from V5.20 through V5.38 cou...

7.5CVSS0.00621EPSS
Exploits0References1
NVD
NVD
added 2024/09/03 2:15 a.m.32 views

CVE-2024-42057

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

8.1CVSS0.0132EPSS
Exploits0References1
Rows per page
Query Builder