A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 up to and including 5.36 Patch 2 and VPN series firmware versions 4.20 up to and including 5.36 Patch 2, could allow an unauthenticated, LAN-based malicious user to execute some OS commands on an affected device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zyxel usg_2200-vpn_firmware |
||
zyxel usg_flex_100_firmware |
||
zyxel usg_flex_100w_firmware |
||
zyxel usg_flex_200_firmware |
||
zyxel usg_flex_50_firmware |
||
zyxel usg_flex_500_firmware |
||
zyxel usg_flex_50w_firmware |
||
zyxel usg_flex_700_firmware |
||
zyxel zywall_vpn100_firmware |
||
zyxel zywall_vpn2s_firmware |
||
zyxel zywall_vpn300_firmware |
||
zyxel zywall_vpn50_firmware |
||
zyxel zywall_vpn_100_firmware |
||
zyxel zywall_vpn_300_firmware |
||
zyxel zywall_vpn_50_firmware |