Free Trial

CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL

Description

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL
CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL

Contact us to get started

CVE-2024-31976 : ENGENIUS EWS356-FIR UP TO 1.1.30 CONTROLLER CONNECTIVITY OS COMMAND INJECTION

CVE-2024-31976 : ENGENIUS EWS356-FIR UP TO 1.1.30 CONTROLLER CONNECTIVITY OS COMMAND INJECTION

Description EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity

Learn more
CVE-2024-42327 : ZABBIX UP TO 6.0.31/6.4.16/7.0.1 API ADDRELATED OBJECTS SQL INJECTION

CVE-2024-42327 : ZABBIX UP TO 6.0.31/6.4.16/7.0.1 API ADDRELATED OBJECTS SQL INJECTION

Description A non-admin user account on the Zabbix frontend with the default User role, or with any other role that

Learn more
CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL

CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL

Description A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG

Learn more