A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 up to and including 5.30, USG FLEX 200 firmware versions 4.50 up to and including 5.30, USG FLEX 500 firmware versions 4.50 up to and including 5.30, USG FLEX 700 firmware versions 4.50 up to and including 5.30, USG FLEX 50(W) firmware versions 4.16 up to and including 5.30, USG20(W)-VPN firmware versions 4.16 up to and including 5.30, ATP series firmware versions 4.32 up to and including 5.30, VPN series firmware versions 4.30 up to and including 5.30, USG/ZyWALL series firmware versions 4.11 up to and including 4.72, that could allow an authenticated malicious user to access some restricted files on a vulnerable device.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zyxel usg_flex_100w_firmware |
||
zyxel usg_flex_200_firmware |
||
zyxel usg_flex_500_firmware |
||
zyxel usg_flex_700_firmware |
||
zyxel usg_flex_50w_firmware |
||
zyxel usg20w-vpn_firmware |
||
zyxel atp800_firmware |
||
zyxel atp700_firmware |
||
zyxel atp500_firmware |
||
zyxel atp200_firmware |
||
zyxel atp100w_firmware |
||
zyxel atp100_firmware |
||
zyxel vpn1000_firmware |
||
zyxel vpn300_firmware |
||
zyxel vpn100_firmware |
||
zyxel vpn50_firmware |
||
zyxel usg20-vpn_firmware |
||
zyxel usg_2200-vpn_firmware |
||
zyxel zywall_110_firmware |
||
zyxel zywall_310_firmware |
||
zyxel zywall_1100_firmware |
||
zyxel usg40_firmware |
||
zyxel usg40w_firmware |
||
zyxel usg60_firmware |
||
zyxel usg60w_firmware |
Vulmon