CVE-2024-7203 HIGH

CVE-2024-7203

Vendor Zyxel

Product ATP series firmware

Weakness CWE-78

Published September 3, 2024

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

Key dates

02Disclosure timeline

September 3, 2024 CVE published

September 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-7203

Related vulnerabilities

Identifiers

CVE CVE-2024-7203

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Zyxel

Product ATP series firmware

Affected versions V4.60 through V5.38

Vendor Zyxel

Product USG FLEX series firmware

Affected versions V4.60 through V5.38

CVE-2024-7203

01Description

02Disclosure timeline

03References

04Related CVE