CVE-2024-42057 | Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN up to 5.38 IPSec VPN username os command injection

Inserito da Angelo Barbosa | Set 3, 2024 | CVE

A vulnerability, which was classified as critical, was found in Zyxel ATP, USG FLEX, USG FLEX 50(W) and USG20(W)-VPN up to 5.38. Affected is an unknown function of the component IPSec VPN. The manipulation of the argument username leads to os command injection.

This vulnerability is traded as CVE-2024-42057. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-42057 | Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN up to 5.38 IPSec VPN username os command injection

Post correlati

CVE-2023-43608 | Buildroot 2023.08.1/622698d7847 code download (TALOS-2023-1845)

CVE-2024-25905 | Multi Step Form Plugin up to 1.7.17 on WordPress cross-site request forgery

CVE-2024-0283 | Kashipara Food Management System up to 1.0 party_details.php party_name cross site scripting

CVE-2023-6733 | WP-Members Membership Plugin up to 3.4.8 on WordPress authorization