CVE-2020-24355
First published: Wed Sep 02 2020(Updated: )
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel Vmg5313-b30b Firmware | <=5.13\(abcj.6\)b3_1127 | |
| Zyxel VMG5313-B30B |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-24355?
CVE-2020-24355 is a vulnerability affecting the Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127 and possibly older versions of firmware.
What is the severity of CVE-2020-24355?
The severity of CVE-2020-24355 is critical with a CVSS score of 9.8.
How does CVE-2020-24355 impact Zyxel VMG5313-B30B routers?
CVE-2020-24355 allows regular and other users to create new users with elevated privileges on Zyxel VMG5313-B30B routers.
How can I fix CVE-2020-24355?
To fix CVE-2020-24355, it is recommended to update the firmware of the Zyxel VMG5313-B30B router to the latest version provided by the vendor.
Where can I find more information about CVE-2020-24355?
You can find more information about CVE-2020-24355 on the official Zyxel support website and in the provided blog posts.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/zyxel
- canonical/zyxel vmg5313-b30b firmware
- version/zyxel vmg5313-b30b firmware/5.13\(abcj.6\)b3_1127
- canonical/zyxel vmg5313-b30b