Zyxel USG FLEX H Series Firewalls Improper Privilege Management Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the recovery function of the USG FLEX H series firewalls running uOS firmware versions through 1.31. The flaw is an improper privilege management issue: an authenticated local attacker who already holds administrator privileges could upload a crafted configuration file and use it to escalate privileges on the affected device.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation on the affected device, giving an attacker who already has administrator access rights beyond that role, which could then be misused.

Remediation

Users are advised to update to the latest firmware version, uOS V1.32, which addresses this vulnerability. Because exploitation requires administrator access, limiting who holds administrator accounts and reviewing configuration uploads on unpatched devices reduces exposure until the update is applied.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.