← Voltar para CVEs
CVE-2024-11667
HIGHCISA KEV7.5
Descricao
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/27/2024
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorZyxel
ProdutoMultiple Firewalls
Nome da vulnerabilidadeZyxel Multiple Firewalls Path Traversal Vulnerability
Data inclusao KEV2024-12-03
Prazo de remediacao2024-12-24
Uso em ransomwareKnown
Produtos afetados
zyxel:atpzyxel:atp100zyxel:atp100wzyxel:atp200zyxel:atp500zyxel:atp700zyxel:atp800zyxel:usg_20w-vpnzyxel:usg_flexzyxel:usg_flex_100zyxel:usg_flex_100axzyxel:usg_flex_100wzyxel:usg_flex_200zyxel:usg_flex_50zyxel:usg_flex_500zyxel:usg_flex_50wzyxel:usg_flex_700zyxel:zld
Fraquezas (CWE)
CWE-22
Referencias
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024(security@zyxel.com.tw)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.