CVE-2024-11667
HIGH KEV RANSOMWARE
Zyxel ATP-USG FLEX-50(W) - Path Traversal
Title source: llm
Exploitation Summary
CVE-2024-11667 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 3, 2024, with confirmed use in ransomware campaigns.
Description
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667
Scores
CVSS v3: 7.5
EPSS: 0.2894
EPSS Percentile: 96.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: partial
Details
CISA KEV: 2024-12-03
VulnCheck KEV: 2024-11-21
InTheWild.io: 2024-12-03
ENISA EUVD: EUVD-2024-34151
Ransomware Use: Confirmed
CWE: CWE-22
Status: published
Products (1)
zyxel/zld: 5.00 - 5.38
Published: Nov 27, 2024
KEV Added: Dec 03, 2024
Tracked Since: Feb 18, 2026