A path traversal vulnerability in the “account_print.cgi”...
High severity
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Apr 11, 2024
Description
Published by the National Vulnerability Database
Apr 24, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Apr 11, 2024
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
References