Description
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.64 and USG FLEX, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Zyxel / ATP series firmware – 4.35 through 5.01
- Zyxel / USG FLEX series firmware – 4.35 through 5.01
- Zyxel / USG/ZyWALL series firmware – 4.35 through 4.64
- Zyxel / VPN series firmware – 4.35 through 5.01