CNNVD-202510-2789 Information
CNNVD ID
CNNVD-202510-2789
Related CVE
- CNNVD Published: 2025-10-21
Description (Chinese)
Zyxel ATP series firmware和Zyxel USG FLEX series firmware都是中国合勤(Zyxel)公司的产品。Zyxel ATP series firmware是一系列防火墙固件。Zyxel USG FLEX series firmware是一系列安全设备固件。 Zyxel ATP series firmware和Zyxel USG FLEX series firmware存在操作系统命令注入漏洞,该漏洞源于身份验证后可通过特制字符串执行CLI命令,可能导致操作系统命令注入攻击。
Description (English)
Zyxel ATP services flymware and Zyxel USG FLEX service companies work for Zyxel. Zyxel ATP services firmware is a series of firewalls. Zyxel USG FLEX sources firmware is a series of security equipment solids. Zyxel ATP servicemen flymware and Zyxel USG FLEX servicemen flymware have operational system commands that fill a loophole, which arises from the fact that CLI orders can be executed through a specially created string after identification, which may result in an operational system command being injected into the attack.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
合勤
Published
2025-10-21
Last Modified
2026-02-24