CNNVD-202602-873 Information
CNNVD ID
CNNVD-202602-873
Related CVE
- CNNVD Published: 2026-02-05
Description (Chinese)
Zyxel USG FLEX等都是中国合勤(Zyxel)公司的产品。Zyxel USG FLEX是一款防火墙。Zyxel ATP是一款防火墙。Zyxel USG FLEX 50(W)/ USG20(W)-VPN是一系列防火墙。 Zyxel多款产品存在操作系统命令注入漏洞,该漏洞源于DDNS配置CLI命令存在身份验证后命令注入,可能导致执行操作系统命令。以下产品及版本受到影响:ATP系列固件 V5.35版本至V5.41版本、USG FLEX系列固件 V5.35版本至V5.41版本、USG FLEX 50(W)系列固件 V5.35版本至V5.41版本和USG20(W)-VPN系列固件 V5.35版本至V5.41版本。
Description (English)
Zyxel USG FLEX and others are products of Zyxel. Zyxel USG FLEX is a firewall. Zyxel ATP is a firewall. Zyxel USG FLEX 50(W)/ USG20(W)-VPN is a series of firewalls. Zyxel multi-products have an OS command leak, which stems from the DDNS configuration CLI command having a post-identification command injection, which may result in the performance of an OS command. The following products and versions have been affected: ATP-Standing V5.35 to V5.41, USG FLEX-Standing V5.35 to V5.41, USG FLEX-50(W)-V5.35 to V5.41 and USG20(W)-VPN-Standing V5.35 to V5.41.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
合勤
Published
2026-02-05
Last Modified
2026-02-24