A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 up to and including 5.35, and VPN series firmware versions 4.30 up to and including 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zyxel usg flex 100 firmware |
||
zyxel usg flex 100w firmware |
||
zyxel usg flex 200 firmware |
||
zyxel usg flex 50 firmware |
||
zyxel usg flex 50w firmware |
||
zyxel usg flex 500 firmware |
||
zyxel usg flex 700 firmware |
||
zyxel vpn100 firmware |
||
zyxel vpn1000 firmware |
||
zyxel vpn300 firmware |
||
zyxel vpn50 firmware |