Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-42059

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.

Published

2024-09-03T02:15:04.690

Last Modified

2024-12-13T16:14:36.887

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	zld	< 5.39	Yes
Hardware	zyxel	atp100	-	No
Hardware	zyxel	atp100w	-	No
Hardware	zyxel	atp200	-	No
Hardware	zyxel	atp500	-	No
Hardware	zyxel	atp700	-	No
Hardware	zyxel	atp800	-	No
Operating System	zyxel	zld	< 5.39	Yes
Hardware	zyxel	usg_flex_100	-	No
Hardware	zyxel	usg_flex_100ax	-	No
Hardware	zyxel	usg_flex_100w	-	No
Hardware	zyxel	usg_flex_200	-	No
Hardware	zyxel	usg_flex_50	-	No
Hardware	zyxel	usg_flex_500	-	No
Hardware	zyxel	usg_flex_50w	-	No
Hardware	zyxel	usg_flex_700	-	No
Operating System	zyxel	zld	< 5.39	Yes
Hardware	zyxel	usg_20w-vpn	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024 Vendor Advisory ([email protected])