CNNVD-202510-2788 Information

CNNVD ID

CNNVD-202510-2788

Related CVE

CVE-2025-9133

• CNNVD Published: 2025-10-21

Description (Chinese)

Zyxel ATP series firmware和Zyxel USG FLEX series firmware都是中国合勤（Zyxel）公司的产品。Zyxel ATP series firmware是一系列防火墙固件。Zyxel USG FLEX series firmware是一系列安全设备固件。 Zyxel ATP series firmware和Zyxel USG FLEX series firmware存在安全漏洞，该漏洞源于缺少授权，可能导致半认证攻击者查看和下载系统配置。

Description (English)

Zyxel ATP services flymware and Zyxel USG FLEX service companies work for Zyxel. Zyxel ATP services firmware is a series of firewalls. Zyxel USG FLEX sources firmware is a series of security equipment solids. There is a security loophole between Zyxel ATP serviceers, and Zyxel USG FLEX service providers, which stems from a lack of authorization and may lead to semi-certified attackers viewing and downloading system configurations.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

合勤

Published

2025-10-21

Last Modified

2026-02-24

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025

Patch

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025