Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zyxel ZLD和Zyxel SD-OS 命令注入漏洞
Vulnerability Description
Zyxel ZLD和Zyxel SD-OS都是中国合勤科技(Zyxel)公司的产品。Zyxel ZLD是一款应用于企业环境的防火墙设备。Zyxel SD-OS是一款应用于网络配置的操作系统。 Zyxel ZLD和Zyxel SD-OS存在命令注入漏洞,该漏洞允许管理员在密码修改操作期间通过输入字符串向chg exp pwd注入命令。以下产品及版本受到影响:VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03
CVSS Information
N/A
Vulnerability Type
N/A