Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Zyxel USG FLEX 路径遍历漏洞
Vulnerability Description
Zyxel USG FLEX是中国合勤(Zyxel)公司的一款防火墙。提供灵活的 VPN 选项(IPsec、SSL 或 L2TP),为远程工作和管理提供灵活的安全远程访问。 Zyxel USG FLEX 系列 4.50 至 5.35固件版本、VPN 系列 4.30 至 5.35 固件版本存在安全漏洞,该漏洞源于account_print.cgi CGI 程序中存在路径遍历问题。攻击者利用该漏洞通过上传特制的文件来创建tmp目录。
CVSS Information
N/A
Vulnerability Type
N/A