CVE-2025-3577

Опубликовано: 22 апр. 2025

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

UNSUPPORTED WHEN ASSIGNED A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.

Ссылки

https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md
Exploit
Third Party Advisory
https://www.zyxel.com/service-provider/global/en/security-advisories/end-of-life
Product
https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zyxel:amg1302-t10b_firmware:2.00\(aajc.16\)c0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:amg1302-t10b:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01071

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-2jx2-x46f-wj52

CVSS3: 4.9

github

10 месяцев назад

**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.

BDU:2025-05678

CVSS3: 4.9

fstec

10 месяцев назад

Уязвимость функции FUN_0040fffc микропрограммного обеспечения маршрутизаторов ZyXEL AMG1302-T10B, позволяющая нарушителю записывать произвольные файлы

EPSS

Процентиль: 77%

0.01071

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22