CVE & Bug Hunting Program

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-0342

CVS Score : 9.8

Descrizione: The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Pedro Baptista

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-33905

CVS Score : In corso di Valutazione

Descrizione: In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-27991

CVS Score : 8.8

Descrizione: The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Massimo Chirivì

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-27909

CVS Score : 4,3

Descrizione: In Joomla component ‘jDownloads 3.9.8.2 Stable’ the remote user can change some parameters in the address bar and see the names of other users’ files

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia & Manuel Roccon

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-7203

CVS Score : 7.2

Descrizione: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-9677

CVS Score : 5.5

Descrizione: The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-5960

CVS Score : 5.5

Descrizione: An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-5797

CVS Score : 5.5

Descrizione: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-5650

CVS Score : 5.5

Descrizione: An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-4397

CVS Score : 4.4

Descrizione: A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-37925

CVS Score : 5.5

Descrizione: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-37926

CVS Score : 5.5

Descrizione: A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-1575

CVS Score : 6.5

Descrizione: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

Per maggiori dettagli fate riferimento al seguente link

Ricercatore: Alessandro Sgreccia

Reference NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-27990

CVS Score : 4.8

Descrizione: The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.

Per maggiori dettagli fate riferimento al seguente link