CVE-2024-11667

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2024
Updated: Dec 5, 2024
CWE ID 22

Summary

CVE-2024-11667 is a directory traversal vulnerability affecting multiple firmware versions of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices. This issue, present in V5.00 through V5.38 of these firmware types, can be exploited by attackers to download or upload files through specially crafted URLs. The vulnerability poses a significant risk, as it allows unauthorized access to sensitive information or even the potential for system compromise. Users are strongly advised to update their devices to the latest secure firmware versions to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share