A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Zyxel
Published: 2023-04-24T00:00:00
Updated: 2023-04-24T00:00:00
Reserved: 2023-01-10T00:00:00
Link: CVE-2023-22914
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-24T17:15:09.627
Modified: 2023-05-04T14:32:03.143
Link: CVE-2023-22914
JSON object: View
Redhat Information
No data.
CWE