Zyxel:vpn1000_firmware zyxel:usg40_firmware zyxel:usg_flex_50_firmware zyxel:usg_flex_700_firmware zyxel:atp700_firmware zyxel:usg_flex_200_firmware zyxel:usg20w-vpn_firmware zyxel:atp200_firmware zyxel:atp800_firmware zyxel:vpn50_firmware zyxel:zywall_310_firmware zyxel:vpn100_firmware zyxel:atp500_firmware zyxel:usg40w_firmware zyxel:vpn300_firmware zyxel:usg_flex_500_firmware zyxel:usg60w_firmware zyxel:usg20-vpn_firmware zyxel:atp100w_firmware zyxel:usg_flex_100w_firmware zyxel:usg_flex_100_firmware zyxel:zywall_1100_firmware zyxel:atp100_firmware zyxel:zywall_110_firmware zyxel:usg60_firmwareĪn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
0 kommentar(er)
