A vulnerability, which was classified as critical, was found in Zyxel ATP, USG FLEX, USG FLEX 50(W) and USG20(W)-VPN up to 5.38. Affected is an unknown function of the component IPSec VPN. The manipulation of the argument username leads to os command injection.
This vulnerability is traded as CVE-2024-42057. It is possible to launch the attack remotely. There is no exploit available.