Unrated severityCISA KEVNVD Advisory· Published Nov 27, 2024· Updated Oct 21, 2025

CVE-2024-11667

Description

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

Affected products

Zyxel/ATP series firmwarev5
Range: versions V5.00 through V5.38
Zyxel/USG20(W)-VPN series firmwarev5
Range: versions V5.10 through V5.38
Zyxel/USG FLEX 50(W) series firmwarev5
Range: versions V5.10 through V5.38
Zyxel/USG FLEX series firmwarev5
Range: versions V5.00 through V5.38

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060