CVE-2025-3577

Medium CVSS: 4.9

**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.

Vendor

Zyxel

Product

Amg1302-t10b Firmware

CWE

CWE-22

Yayın Tarihi

2025-04-22 03:15:21

Güncelleme

2025-06-23 19:29:59

Source Identifier

security@zyxel.com.tw

KEV Date Added

Kategoriler

CWE-22 Amg1302-t10b Firmware MEDIUM Zyxel 2025

Referanslar

https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md https://www.zyxel.com/service-provider/global/en/security-advisories/end-of-life https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md

Benzer Kayıtlar

Medium

CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version throu…

Critical

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C…

High

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware…

High

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG362…

Medium

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions thro…

Medium

CVE-2025-11846

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions…