The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Zyxel; Zyxel usg Flex 100h Firmware, Zyxel usg Flex 100hp Firmware, Zyxel usg Flex 200h Firmware, Zyxel usg Flex 200hp Firmware, Zyxel usg Flex 500h Firmware, Zyxel usg Flex 700h Firmware | |
CPEs | cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products | Zyxel; Zyxel usg Flex 100h Firmware, Zyxel usg Flex 100hp Firmware, Zyxel usg Flex 200h Firmware, Zyxel usg Flex 200hp Firmware, Zyxel usg Flex 500h Firmware, Zyxel usg Flex 700h Firmware | |
Metrics | ssvc | |
Tue, 22 Oct 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out. | |
Weaknesses | CWE-522 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Zyxel
Published: 2024-10-22T01:19:53.188Z
Updated: 2024-10-22T15:52:56.281Z
Reserved: 2024-10-09T05:14:46.238Z
Link: CVE-2024-9677
Vulnrichment
Updated: 2024-10-22T15:52:50.342Z
NVD
Status: Awaiting Analysis
Published: 2024-10-22T02:15:04.380
Modified: 2024-10-23T15:12:34.673
Link: CVE-2024-9677
Redhat
No data.