CVE-2024-11667

None

Description

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

INFO

Published Date :

2024-11-27T09:39:41.691Z

Last Modified :

2025-10-21T22:55:34.999Z

Source :

Zyxel

AFFECTED PRODUCTS

The following products are affected by CVE-2024-11667 vulnerability.

Vendors	Products
Zyxel	Atp Atp100 Atp100 Firmware Atp100w Atp100w Firmware Atp200 Atp500 Atp500 Firmware Atp700 Atp700 Firmware Atp800 Atp800 Firmware Atp Firmware Usg20-vpn Firmware Usg 20w-vpn Usg Flex Usg Flex 100 Usg Flex 100ax Usg Flex 100h Firmware Usg Flex 100hp Firmware Usg Flex 100w Usg Flex 100w Firmware Usg Flex 200 Usg Flex 200 Firmware Usg Flex 200h Firmware Usg Flex 200hp Firmware Usg Flex 50 Usg Flex 500 Usg Flex 500 Firmware Usg Flex 500h Firmware Usg Flex 500w Firmware Usg Flex 50 Firmware Usg Flex 50ax Firmware Usg Flex 50w Usg Flex 50w Firmware Usg Flex 60ax Firmware Usg Flex 700 Usg Flex 700 Firmware Usg Flex 700h Firmware Usg Flex Firmware Zld

Vendors

Products

Zyxel

Atp
Atp100
Atp100 Firmware
Atp100w
Atp100w Firmware
Atp200
Atp500
Atp500 Firmware
Atp700
Atp700 Firmware
Atp800
Atp800 Firmware
Atp Firmware
Usg20-vpn Firmware
Usg 20w-vpn
Usg Flex
Usg Flex 100
Usg Flex 100ax
Usg Flex 100h Firmware
Usg Flex 100hp Firmware
Usg Flex 100w
Usg Flex 100w Firmware
Usg Flex 200
Usg Flex 200 Firmware
Usg Flex 200h Firmware
Usg Flex 200hp Firmware
Usg Flex 50
Usg Flex 500
Usg Flex 500 Firmware
Usg Flex 500h Firmware
Usg Flex 500w Firmware
Usg Flex 50 Firmware
Usg Flex 50ax Firmware
Usg Flex 50w
Usg Flex 50w Firmware
Usg Flex 60ax Firmware
Usg Flex 700
Usg Flex 700 Firmware
Usg Flex 700h Firmware
Usg Flex Firmware
Zld

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11667.

URL	Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact