CVE-2024-11667

Published Nov 27, 2024

Last updated 5 days ago

Overview

Description
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
Source
security@zyxel.com.tw
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security@zyxel.com.tw
CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. A vulnerability with the identifier CVE-2024-11667, of the Directory Traversal type, has been published for the Zyxel firewall. This vulnerability exists in the Web management section of this firewall. Versions between 5.00 and 5.38 of this product are affected by this vulnerability. https://t.co/Poz3aKY03t https://t.co/WruZWy

    @AmirHossein_sec

    2 Dec 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A directory traversal flaw in Zyxel Firewalls is being actively exploited in the wild. CVE-2024-11667 is a directory traversal flaw in the web management interface of ZLD firewall firmware. Exploitation allows threat actors to send maliciously crafted URLs to bypass directory… h

    @cybercitizen7

    2 Dec 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited https://t.co/kyzwtLejP4

    @CrowdCyber_Com

    30 Nov 2024

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Zyxel Firewalls exploited using CVE-2024-11667 #ZyxelFirewalls #CVE-2024-11667 https://t.co/jjBRPBIItP

    @pravin_karthik

    29 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Wave of attacks exploiting vulnerabilities in the Zyxel firewall. Versions 5.00 to 5.38 are affected (CVE-2024-11667). Update your systems as soon as possible! #Cybersécurité, #Cyberattaques, #Zyxel, #PareFeu https://t.co/XlAdIamOf9 https://t.co/iY3QwjHVlk

    @bexxoch

    29 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-11667: Critical vulnerability in Zyxel firewalls is being actively exploited. Integer Overflow vulnerability in a Windows driver enables Privilege Escalation, PoC published. CVE-2024-52951 XSS in Omada Identity. https://t.co/WklSosXveP

    @TelenorSOC

    29 Nov 2024

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-11667: Directory Traversal in Zyxel Firewalls, 7.3 rating❗️ Vuln in the web interface of some firewalls allows an attacker to download or upload files. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/l3Umxq6cb0 #cybersecurity #vulnerability_map #zyxel https:/

    @Netlas_io

    29 Nov 2024

    354 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited https://t.co/BmuPG1tM7v

    @Dinosn

    29 Nov 2024

    2534 Impressions

    10 Retweets

    19 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  9. CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited Beware of the critical vulnerability CVE-2024-11667 in #Zyxel firewalls. Learn how attackers are exploiting it to deploy Helldown ransomware. https://t.co/14FZrgih2L

    @the_yellow_fall

    29 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. German CERT warns that Zyxel firewalls are being exploited via a critical vulnerability (CVE-2024-11667) to deploy Helldown ransomware, urging immediate firmware updates and enhanced security measures to mitigate risks. #CyberSecurity #Ransomware https://t.co/F1e4WctDQL

    @Cyber_O51NT

    29 Nov 2024

    650 Impressions

    2 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2024-11667 A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00… https://t.co/Y2Nck8ADqq

    @CVEnew

    27 Nov 2024

    495 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes