A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
oryginał ENCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HZyxel Nxc2500
HWZyxelwszystkie wersjeZyxel Nxc2500 Firmware
OSZyxel6.10\(aaig.0\) – 6.10\(aaig.3\)Zyxel Nxc5500
HWZyxelwszystkie wersjeZyxel Nxc5500 Firmware
OSZyxel6.10\(aaos.0\) – 6.10\(aaos.4\)Zyxel Usg 20w Vpn
HWZyxelwszystkie wersjeZyxel Usg 20w Vpn Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg 2200 Vpn
HWZyxelwszystkie wersjeZyxel Usg 2200 Vpn Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 100
HWZyxelwszystkie wersjeZyxel Usg Flex 100 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 100w
HWZyxelwszystkie wersjeZyxel Usg Flex 100w Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 200
HWZyxelwszystkie wersjeZyxel Usg Flex 200 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 50
HWZyxelwszystkie wersjeZyxel Usg Flex 500
HWZyxelwszystkie wersjeZyxel Usg Flex 500 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 50 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 50w
HWZyxelwszystkie wersjeZyxel Usg Flex 50w Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Usg Flex 700
HWZyxelwszystkie wersjeZyxel Usg Flex 700 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Zywall Atp100
HWZyxelwszystkie wersjeZyxel Zywall Atp100 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Zywall Atp100w
HWZyxelwszystkie wersjeZyxel Zywall Atp100w Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Zywall Atp200
HWZyxelwszystkie wersjeZyxel Zywall Atp200 Firmware
OSZyxel5.00 – 5.37 (bez)Zyxel Zywall Atp500
HWZyxelwszystkie wersjeZyxel Zywall Atp500 Firmware
OSZyxel5.00 – 5.37 (bez)
Powiązane podatności
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 throug...
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 throu...
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series fir...
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 throug...
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable passw...