CVE-2024-11667
HIGH | CISA KEV | 7.5
Description
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 11/27/2024
Last modified: 10/27/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Zyxel
Product: Multiple Firewalls
Vulnerability name: Zyxel Multiple Firewalls Path Traversal Vulnerability
Date added to KEV: 2024-12-03
Remediation due date: 2024-12-24
Ransomware use: Known
Affected products
zyxel:atp, zyxel:atp100, zyxel:atp100w, zyxel:atp200, zyxel:atp500, zyxel:atp700, zyxel:atp800, zyxel:usg_20w-vpn, zyxel:usg_flex, zyxel:usg_flex_100, zyxel:usg_flex_100ax, zyxel:usg_flex_100w, zyxel:usg_flex_200, zyxel:usg_flex_50, zyxel:usg_flex_500, zyxel:usg_flex_50w, zyxel:usg_flex_700, zyxel:zld
Weaknesses (CWE)
CWE-22
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024 (security@zyxel.com.tw)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.