- Description
- An insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier could allow an authenticated local attacker to escalate privileges by stealing the authentication token of a logged-in administrator. Note that this attack can succeed only if the administrator has not logged out.
- Source
- security@zyxel.com.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@zyxel.com.tw
- CWE-522
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B53BCCF3-FFFC-4E52-997E-36A632C81F00",
            "versionEndExcluding": "1.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]