CVE-2024-42057

None

Description

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.

INFO

Published Date :

2024-09-03T01:43:28.106Z

Last Modified :

2024-09-03T13:54:39.611Z

Source :

Zyxel

AFFECTED PRODUCTS

The following products are affected by CVE-2024-42057 vulnerability.

Vendors	Products
Zyxel	Atp100 Atp100 Firmware Atp100w Atp100w Firmware Atp200 Atp200 Firmware Atp500 Atp500 Firmware Atp700 Atp700 Firmware Atp800 Atp800 Firmware Usg20w-vpn Firmware Usg 20w-vpn Usg Flex 100 Usg Flex 100 Firmware Usg Flex 100ax Usg Flex 100ax Firmware Usg Flex 100h Firmware Usg Flex 100w Usg Flex 100w Firmware Usg Flex 200 Usg Flex 200 Firmware Usg Flex 200h Firmware Usg Flex 50 Usg Flex 500 Usg Flex 500 Firmware Usg Flex 500h Firmware Usg Flex 50 Firmware Usg Flex 50ax Firmware Usg Flex 50w Usg Flex 50w Firmware Usg Flex 700 Usg Flex 700 Firmware Usg Flex 700h Firmware Zld

Vendors

Products

Zyxel