exploitDog

GHSA-2j4f-52m8-xq9h

Опубликовано: 24 апр. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

Ссылки

EPSS

Процентиль: 76%

0.00971

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2023-27991

CVSS3: 8.8

nvd

почти 3 года назад

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

BDU:2023-08856

CVSS3: 8.8

fstec

почти 3 года назад

Уязвимость микропрограммного обеспечения сетевых устройств ZyXEL USG, USG FLEX, ATP и VPN, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольные сценарии на уязвимом устройстве

EPSS

Процентиль: 76%

0.00971

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-78