Path Traversal Vulnerability in Zyxel AMG1302-T10B Firmware
CVE-2025-3577

4.9 MEDIUM

Key Information:

Vendor
Zyxel
CVE Published:
22 April 2025

Summary

A path traversal vulnerability exists in the web management interface of the Zyxel AMG1302-T10B device, allowing an authenticated attacker with administrator privileges to gain unauthorized access to restricted directories. By sending a crafted HTTP request, the attacker can navigate the file system beyond its intended boundaries and potentially expose sensitive data. This vulnerability underscores the importance of securing device configurations and applying firmware updates regularly.

Affected Version(s)

AMG1302-T10B firmware 2.00(AAJC.16)C0

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
