漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Zyxel ATP 操作系统命令注入漏洞
Vulnerability Description
Zyxel ATP是中国合勤(Zyxel)公司的一款防火墙。 Zyxel ATP ZLD V5.00 到 V5.36 Patch 2版本、USG FLEX ZLD V5.00到 V5.36 Patch 2版本、USG FLEX 50(W) / USG20(W)-VPN ZLD V5.00到 V5.36 Patch 2版本、VPN ZLD V5.00到 V5.36 Patch 2版本存在操作系统命令注入漏洞,该漏洞源于接入点 (AP) 管理功能中存在命令注入,如果攻击者能够欺骗授权管理员添加其 IP,则未经
CVSS Information
N/A
Vulnerability Type
N/A