Improper Privilege Management Vulnerability in Zyxel USG FLEX H Series
CVE-2025-1732
Summary
An improper privilege management vulnerability has been identified in the recovery function of Zyxel's USG FLEX H series uOS firmware prior to version V1.31. The flaw can be exploited by an authenticated local attacker with administrator privileges, who can upload a specially crafted configuration file that could allow them to escalate their privileges on a vulnerable device. Successful exploitation can lead to unauthorized access and compromise the security of the network; applying the vendor's update promptly is the primary mitigation.
Affected Version(s)
USG FLEX H series uOS firmware <= V1.31
News Articles
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
Security researcher Alessandro Sgreccia (aka "rainpwn") has revealed a set of critical vulnerabilities in Zyxel’s USG FLEX-H firewall series.
3 weeks ago
Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls
Zyxel Networks has released critical security patches to address two high-severity vulnerabilities in its USG FLEX H series firewalls that could potentially allow attackers to escalate privileges and gain unauthorized access to affected devices.
3 weeks ago
Zyxel Releases Patches for Privilege Management Vulnerabilities in Firewalls
Zyxel, a leading provider of secure networking solutions, has released critical security patches to address two privilege management vulnerabilities.
3 weeks ago
References
CVSS V3.1
Timeline
First article discovered by GBHackers News
Vulnerability published
Vulnerability Reserved