Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-9133
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zyxel ATP series firmware和Zyxel USG FLEX series firmware 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zyxel ATP series firmware和Zyxel USG FLEX series firmware都是中国合勤(Zyxel)公司的产品。Zyxel ATP series firmware是一系列防火墙固件。Zyxel USG FLEX series firmware是一系列安全设备固件。 Zyxel ATP series firmware和Zyxel USG FLEX series firmware存在安全漏洞,该漏洞源于缺少授权,可能导致半认证攻击者查看和下载系统配置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
ZyxelATP series firmware versions from V4.32 through V5.40 -
ZyxelUSG FLEX series firmware versions from V4.50 through V5.40 -
ZyxelUSG FLEX 50(W) series firmware versions from V4.16 through V5.40 -
ZyxelUSG20(W)-VPN series firmware versions from V4.16 through V5.40 -
II. Public POCs for CVE-2025-9133
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-9133
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: ATP series firmware
Same vendor: Zyxel
Same weakness: CWE-862
V. Comments for CVE-2025-9133

No comments yet

Leave a comment