CVE-2024-11667 has been actively exploited, as observed through honeypots that detected similar exploitation patterns. These findings were reported to Zyxel’s Product Security Incident Response Team (PSIRT) by researchers. The vulnerability is currently being used by known threat actors, such as Helldown, increasing the urgency for immediate remediation.
| Product | Zyxel Devices |
| Date | 2024-12-02 15:45:21 |
| Information |
|
Technical Summary
CVE-2024-11667 is a directory traversal vulnerability in the web management interface of Zyxel firewall firmware. It affects the following versions:
- ATP series: V5.00 through V5.38
- USG FLEX series: V5.00 through V5.38
- USG FLEX 50(W) series: V5.10 through V5.38
- USG20(W)-VPN series: V5.10 through V5.38
This vulnerability allows an attacker to use a specially crafted URL to download or upload files, with the potential to gain unauthorized access and further compromise the device or the network.
Recommendations
To protect your network and mitigate the risk of exploitation:
1 – Update the firmware:
- Upgrade to firmware version 5.39 or later, in which the vulnerability has been patched.
2 – Disable remote access:
- Temporarily disable remote access for the management of affected devices until the update is applied.
3 – Change administrative passwords:
- Use strong and unique passwords for administrative access.
[Callforaction-THREAT-Footer]
