cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40891,https://securityvulnerability.io/vulnerability/CVE-2024-40891,Command Injection Vulnerability in Zyxel DSL CPE Firmware,"A post-authentication command injection vulnerability exists in the management commands of Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615. This flaw allows an authenticated attacker to execute arbitrary operating system commands via Telnet, potentially compromising the security and integrity of the affected device.",Zyxel,Vmg4325-b10a Firmware,8.8,HIGH,0.01,false,,true,false,true,2025-02-04T21:22:52.000Z,false,true,true,2025-02-04T11:52:02.520Z,2025-02-04T10:02:48.018Z,5207
CVE-2024-11667,https://securityvulnerability.io/vulnerability/CVE-2024-11667,Directory Traversal Vulnerability in Zyxel ATP and USG FLEX Products,"CVE-2024-11667 is a directory traversal vulnerability identified in the web management interface of several Zyxel firmware versions. This flaw exists in Zyxel's ATP Series, USG FLEX Series, and USG20(W)-VPN Series firmware versions, which could potentially enable an unauthorized attacker to exploit crafted URLs to upload or download arbitrary files. Effective security measures and updated firmware are essential to protect against potential attacks leveraging this vulnerability. Organizations using these products should consult Zyxel's advisory for remediation steps.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",9.8,CRITICAL,0.18846000730991364,true,2024-12-03T00:00:00.000Z,true,true,true,2024-11-29T09:18:41.000Z,,false,false,,2024-11-27T09:39:41.691Z,0
CVE-2024-29973,https://securityvulnerability.io/vulnerability/CVE-2024-29973,Unauthenticated Command Injection Vulnerability in Zyxel NAS326 Firmware,"The Zyxel NAS326 and NAS542 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 have an unauthenticated command injection vulnerability that allows unauthenticated attackers to execute operating system (OS) commands by sending a crafted HTTP POST request. Three other high-severity vulnerabilities were discovered by security researchers in these devices as well, including a backdoor account called ""NsaRescueAngel."" The discovery of these vulnerabilities prompted Zyxel to release patches for these devices, despite reaching end-of-life status. There is no evidence of these vulnerabilities being exploited in the wild, but the proof of concept for exploitation is available, so it is likely to happen soon.",Zyxel,"Nas326 Firmware,Nas542 Firmware",9.8,CRITICAL,0.004189999774098396,false,,true,true,true,2024-06-21T15:38:50.000Z,true,false,false,,2024-06-04T01:29:41.852Z,110