CVE-2024-11667: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series...

7.5 CVSS

Description

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

Known Exploited

🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).

Classification

CVE ID: CVE-2024-11667

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector:

Affected Products

Vendor: Zyxel

Product: ATP series firmware

Exploit Prediction Scoring System (EPSS)

EPSS Score: 18.85% (probability of being exploited)

EPSS Percentile: 96.29% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024

Timeline

2024-12-03 15:20:48 UTC
CISA KEV

Zyxel Multiple Firewalls Path Traversal Vulnerability
2024-12-03 15:21:41 UTC
🚨 Marked as Known Exploited
2024-12-04 00:11:22 UTC
CVE

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series...