漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Zyxel多款产品 操作系统命令注入漏洞
Vulnerability Description
Zyxel USG20W-VPN等都是中国合勤(Zyxel)公司的产品。Zyxel USG20W-VPN是一款用于公司环境的防火墙设备。Zyxel ATP series firmware是一系列防火墙固件。Zyxel USG FLEX series firmware是一系列安全设备固件。 Zyxel多款产品存在操作系统命令注入漏洞,该漏洞源于 IPSec VPN 功能中包含一个命令注入漏洞。以下产品及版本受到影响:Zyxel ATP series firmware V4.32版本至V5.38版本、USG
CVSS Information
N/A
Vulnerability Type
N/A