Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-11667

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

Published

2024-11-27T10:15:04.210

Last Modified

2024-12-05T18:41:12.113

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	zld	≤ 5.38	Yes
Hardware	zyxel	atp	-	No
Hardware	zyxel	atp100	-	No
Hardware	zyxel	atp100w	-	No
Hardware	zyxel	atp200	-	No
Hardware	zyxel	atp500	-	No
Hardware	zyxel	atp700	-	No
Hardware	zyxel	atp800	-	No
Operating System	zyxel	zld	≤ 5.38	Yes
Hardware	zyxel	usg_flex	-	No
Hardware	zyxel	usg_flex_100	-	No
Hardware	zyxel	usg_flex_100ax	-	No
Hardware	zyxel	usg_flex_100w	-	No
Hardware	zyxel	usg_flex_200	-	No
Hardware	zyxel	usg_flex_50	-	No
Hardware	zyxel	usg_flex_500	-	No
Hardware	zyxel	usg_flex_700	-	No
Operating System	zyxel	zld	≤ 5.38	Yes
Hardware	zyxel	usg_flex_50w	-	No
Operating System	zyxel	zld	≤ 5.38	Yes
Hardware	zyxel	usg_20w-vpn	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024 Vendor Advisory ([email protected])