CVE-2025-3577
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
Una vulnerabilidad de path traversal en la interfaz de administración web de la versión de firmware 2.00(AAJC.16)C0 del Zyxel AMG1302-T10B podría permitir que un atacante autenticado con privilegios de administrador acceda a directorios restringidos mediante el envío de una solicitud HTTP manipulada a un dispositivo afectado.
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-04-14 CVE Reserved
- 2025-04-22 CVE Published
- 2025-04-23 CVE Updated
- 2025-06-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md | ||
| https://www.zyxel.com/service-provider/global/en/security-advisories/end-of-life |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | Amg1202-t10b Search vendor "Zyxel" for product "Amg1202-t10b" | * | - |
Affected
| ||||||