A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 thr

FIRMWARE

28-10-2025 19:44

CVE-2025-9133 Vulnerabilidad documentada

Sin puntuación

Tags

#config

#firmware

#vulnerability

#affected

#authenticated

#configuration

#allow

#attack

#affect

Descripción

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX V4.50 50(W) V4.16 and USG20(W)-VPN V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of two-factor authentication (2FA) process—to view download system configuration an affected device.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-9133

Resultados similares

Coincidentes en almenos en 50% de los tags

28-10-2025 CVE-2025-61128
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V2...
Ver información

28-10-2025 CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions fro...
Ver información