- Description
- A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.
- Source
- security@zyxel.com.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@zyxel.com.tw
- CWE-78
- Hype score
- Not currently trending
2/8 Patch Now! If your @ZyxelNews firewall is on firmware 4.32-5.38, update to 5.39 to protect against CVE-2024-42057. #CybersecurityPatch #ZyxelUpdate 📲
@Eth1calHackrZ
28 Nov 2024
1/8 @ZyxelNews Firewalls Under Attack! CVE-2024-42057 exploited by Helldown ransomware for unauthorized OS command execution. #ZyxelVulnerability #RansomwareAlert 🔓
@Eth1calHackrZ
28 Nov 2024
#DoYouKnowAdversary Ransomware Alert! #Helldown ransomware, identified in August 2024, is actively targeting #Windows, #Linux and #ESXi systems. It exploits CVE-2024-42057 in #Zyxel firewalls to gain access. The #ransomware uses double #extortion tactics, exfiltrating sensitive…
@Loginsoft_Inc
26 Nov 2024
CVE-2024-42057: Helldown Ransomware Exploits Zyxel Vulnerability https://t.co/19BaqJNQS6
@the_yellow_fall
25 Nov 2024
A new version of the Helldown ransomware was recently released. This ransomware uses a vulnerability in Zyxel firewalls and IPsec VPN to gain access. The vulnerability used by this ransomware has the identifier CVE-2024-42057. https://t.co/Poz3aKY03t https://t.co/
@AmirHossein_sec
24 Nov 2024
#DOYOUKNOWCVE Ransomware alert! Critical Zyxel Vulnerability Exploited by HellDown Ransomware CVE-2024-42057: command injection vulnerability affecting the IPSec VPN feature in specific firmware versions of Zyxel devices. The impacted firmware versions include Zyxel ATP series…
@Loginsoft_Inc
22 Nov 2024
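Investigated following reports that the Helldown ransomware may be exploiting Zyxel's CVE-2024-42057 (an RCE vulnerability in IPSec VPN that arises when User-Based-PSK authentication mode is in use and a user with a name of 28 or more characters exists). https://t.co/cCey0dG51v… https://t.co/NFM8eUXD1K https://t.co/8ISM7Xnw9c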
@nekono_naha
22 Nov 2024
Actively exploited CVE : CVE-2024-42057
@transilienceai
21 Nov 2024
HellDown Ransomware exploiting Zyxel Vulnerability #HelldownRansomware #CVE-2024-42057 #Zyxel https://t.co/zJLrWfOF94
@pravin_karthik
20 Nov 2024
SCMagazine: Among the targeted flaws was CVE-2024-42057, a code execution flaw that had not previously been targeted in the wild. https://t.co/MPO90n9EK1 #cybersecurity #ransomware #vmware
@MrsYisWhy
20 Nov 2024
🚨 Helldown ransomware exploits Zyxel VPN flaw (CVE-2024-42057) to breach networks, steal data, & encrypt systems. Update to firmware 5.39+, enforce MFA, & monitor for suspicious activity. Patch now, stay safe! 🔒 #Ransomware #ZyxelVPN #CyberSecurity https://t.co/g9gXOdbk
@VulnVanguard
19 Nov 2024
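The Helldown ransomware is exploiting a vulnerability in the IPSec VPN of Zyxel firewalls, Sekoia reports. Zyxel Europe is also listed among the group's victims. The vulnerability suspected of being exploited is CVE-2024-42057. https://t.co/n5ViaV7LA0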
@__kokumoto
19 Nov 2024
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "871446C3-30E8-4FE9-AC8A-4D87A400233F",
"versionEndExcluding": "5.39",
"versionStartIncluding": "4.32"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4240E15F-8869-4DA7-9F6E-5DAF3708F9A7",
"versionEndExcluding": "5.39",
"versionStartIncluding": "4.50"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48"
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2C43DB2-3339-4FB1-AC44-56619A9DDAA0",
"versionEndExcluding": "5.39",
"versionStartIncluding": "4.16"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2C43DB2-3339-4FB1-AC44-56619A9DDAA0",
"versionEndExcluding": "5.39",
"versionStartIncluding": "4.16"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]