// For flags

CVE-2024-42059

 

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Multiple
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-07-29 CVE Reserved
  • 2024-09-03 CVE Published
  • 2024-09-03 CVE Updated
  • 2024-09-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zyxel
Search vendor "Zyxel"
 Atp100 Firmware
Search vendor "Zyxel" for product "Atp100 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Atp100w Firmware
Search vendor "Zyxel" for product "Atp100w Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Atp200 Firmware
Search vendor "Zyxel" for product "Atp200 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Atp500 Firmware
Search vendor "Zyxel" for product "Atp500 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Atp700 Firmware
Search vendor "Zyxel" for product "Atp700 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Atp800 Firmware
Search vendor "Zyxel" for product "Atp800 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg20w-vpn Firmware
Search vendor "Zyxel" for product "Usg20w-vpn Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 100 Firmware
Search vendor "Zyxel" for product "Usg Flex 100 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 100ax Firmware
Search vendor "Zyxel" for product "Usg Flex 100ax Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 100h Firmware
Search vendor "Zyxel" for product "Usg Flex 100h Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 100w Firmware
Search vendor "Zyxel" for product "Usg Flex 100w Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 200 Firmware
Search vendor "Zyxel" for product "Usg Flex 200 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 200h Firmware
Search vendor "Zyxel" for product "Usg Flex 200h Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 500 Firmware
Search vendor "Zyxel" for product "Usg Flex 500 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 500h Firmware
Search vendor "Zyxel" for product "Usg Flex 500h Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 50 Firmware
Search vendor "Zyxel" for product "Usg Flex 50 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 50ax Firmware
Search vendor "Zyxel" for product "Usg Flex 50ax Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 50w Firmware
Search vendor "Zyxel" for product "Usg Flex 50w Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 700 Firmware
Search vendor "Zyxel" for product "Usg Flex 700 Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Usg Flex 700h Firmware
Search vendor "Zyxel" for product "Usg Flex 700h Firmware"
*-
Affected
Zyxel
Search vendor "Zyxel"
 Zld
Search vendor "Zyxel" for product "Zld"
*-
Affected