A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware version

FIRMWARE

28-10-2025 19:44

CVE-2025-8078 Vulnerabilidad documentada

Sin puntuación

Tags

#injection

#admin

#firmware

#vulnerability

#affected

#authenticated

#privilege

#pass

#inject

#execute

#allow

#attack

#affect

Descripción

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX V4.50 50(W) V4.16 and USG20(W)-VPN V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as argument CLI command.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-8078

Resultados similares

Coincidentes en almenos en 50% de los tags

28-10-2025 CVE-2025-61128
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V2...
Ver información

28-10-2025 CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through ...
Ver información