CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.5%

CVSS Severity

CVSS v3 Score 5.5

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024

Products affected by CVE-2024-9677

Zyxel » Usg Flex 100h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_100h:-
Zyxel » Usg Flex 200h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_200h:-
Zyxel » Usg Flex 200hp » Version: N/A

cpe:2.3:h:zyxel:usg_flex_200hp:-
Zyxel » Usg Flex 500h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_500h:-
Zyxel » Usg Flex 700h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_700h:-
Zyxel » Uos » Version: N/A

cpe:2.3:o:zyxel:uos:-
Zyxel » Uos » Version: 1.10

cpe:2.3:o:zyxel:uos:1.10
Zyxel » Uos » Version: 1.20

cpe:2.3:o:zyxel:uos:1.20
Zyxel » Uos » Version: 1.21

cpe:2.3:o:zyxel:uos:1.21

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-9677

Products

Pricing

Contact Us