CVE-2024-42061
Essential information
- Published
- 03/09/2024 03:15
- Modified
- 05/09/2024 14:32
- CVSS
- 6.1 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS metrics
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality impact
- LOW
- Integrity impact
- LOW
- Availability impact
- NONE
Description
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
Affected products (CPE)
| Product | CPE |
|---|---|
| zyxel / zld firmware | cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:* |
| zyxel / atp100 | cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:* |
| zyxel / atp100w | cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:* |
| zyxel / atp200 | cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:* |
| zyxel / atp500 | cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:* |
| zyxel / atp700 | cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:* |
| zyxel / atp800 | cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:* |
| zyxel / zld firmware | cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:* |
| zyxel / usg flex 100 | cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* |
| zyxel / usg flex 100ax | cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:* |
| zyxel / usg flex 100w | cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* |
| zyxel / usg flex 200 | cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* |
| zyxel / usg flex 50 | cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* |
| zyxel / usg flex 500 | cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* |
| zyxel / usg flex 700 | cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* |
| zyxel / zld firmware | cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:* |
| zyxel / usg flex 50w | cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* |
| zyxel / zld firmware | cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:* |
| zyxel / usg 20w-vpn | cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:* |