← Retour aux CVEs
CVE-2024-11667
HIGHCISA KEV7.5
Description
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie11/27/2024
Derniere modification10/27/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurZyxel
ProduitMultiple Firewalls
Nom vulnerabiliteZyxel Multiple Firewalls Path Traversal Vulnerability
Date ajout KEV2024-12-03
Date limite remediation2024-12-24
Utilise dans ransomwareKnown
Produits affectes
zyxel:atpzyxel:atp100zyxel:atp100wzyxel:atp200zyxel:atp500zyxel:atp700zyxel:atp800zyxel:usg_20w-vpnzyxel:usg_flexzyxel:usg_flex_100zyxel:usg_flex_100axzyxel:usg_flex_100wzyxel:usg_flex_200zyxel:usg_flex_50zyxel:usg_flex_500zyxel:usg_flex_50wzyxel:usg_flex_700zyxel:zld
Faiblesses (CWE)
CWE-22
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024(security@zyxel.com.tw)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.