CVE-2024-11667

HIGH KEV RANSOMWARE

Zyxel ATP-USG FLEX-50(W) - Path Traversal

Title source: llm

Description

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

References (2)

Scores

CVSS v3 7.5
EPSS 0.2861
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2024-12-03
VulnCheck KEV 2024-11-21
InTheWild.io 2024-12-03
ENISA EUVD EUVD-2024-34151
Ransomware Use Confirmed
CWE
CWE-22
Status published
Products (1)
zyxel/zld 5.00 - 5.38
Published Nov 27, 2024
KEV Added Dec 03, 2024
Tracked Since Feb 18, 2026