First published: Tue Oct 22 2024(Updated: )
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.
Credit: security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Zyxel Uos | <1.30 | |
Any of | ||
Zyxel Usg Flex 100h | ||
Zyxel Usg Flex 200h | ||
Zyxel Usg Flex 200hp | ||
Zyxel Usg Flex 500h | ||
Zyxel Usg Flex 700h |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.