AI description
CVE-2024-42057 is a command injection vulnerability found in the IPSec VPN feature of Zyxel firewalls. It impacts Zyxel ATP series (firmware V4.32-V5.38), USG FLEX series (V4.50-V5.38), USG FLEX 50(W) series (V4.16-V5.38), and USG20(W)-VPN series (V4.16-V5.38). An unauthenticated attacker can exploit this vulnerability to execute OS commands on a vulnerable device by sending a crafted username. The vulnerability can be exploited only if the device is configured in User-Based-PSK authentication mode and a valid user with a username exceeding 28 characters exists. Zyxel has released firmware version V5.39 to address this vulnerability, and users of affected devices are advised to upgrade to the latest firmware version.
- Description: A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.
- Source: security@zyxel.com.tw
- NVD status: Analyzed
- Products: zld
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.9
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@zyxel.com.tw: CWE-78
- Hype score: Not currently trending
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +426.22% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2021-21974 (ESXi..) +25.27% - CVE-2018-13374 (FortiOS..) +15.68% - CVE-2020-3259 (ASA..) +11.25%
@DefusedCyber
1 Sept 2025
4835 Impressions
2 Retweets
14 Likes
9 Bookmarks
0 Replies
2 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +361.94% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2023-20269 (ASA..) +24.24% - CVE-2023-20269 (FTD..) +24.24% - CVE-2021-21974 (ESXi..) +16.07%
@DefusedCyber
25 Aug 2025
936 Impressions
1 Retweet
14 Likes
5 Bookmarks
0 Replies
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +108108.75% - CVE-2023-20269 (ASA..) +58.41% - CVE-2023-20269 (FTD..) +58.41% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2024-37085 (ESXi..) +20.63%
@DefusedCyber
18 Aug 2025
20187 Impressions
30 Retweets
184 Likes
111 Bookmarks
2 Replies
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +86627.50% - CVE-2019-5591 (FortiOS..) +44.14% - CVE-2021-26857 (Exchange On-Pre..) +32.05% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2021-27101 (Accellion File ..) +23.48
@DefusedCyber
11 Aug 2025
652 Impressions
2 Retweets
8 Likes
4 Bookmarks
0 Replies
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +3700.00% - CVE-2019-6693 (FortiOS..) +159.30% - CVE-2019-5591 (FortiOS..) +44.14% - CVE-2024-42057 (Zyxel Firewall..) +33.61% - CVE-2018-13374 (FortiOS..) +30.01%
@DefusedCyber
23 Jul 2025
1200 Impressions
2 Retweets
9 Likes
3 Bookmarks
0 Replies
1 Quote
2/8 Patch Now! If your @ZyxelNews firewall is on firmware 4.32-5.38, update to 5.39 to protect against CVE-2024-42057. #CybersecurityPatch #ZyxelUpdate 📲
@Eth1calHackrZ
28 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/8 @ZyxelNews Firewalls Under Attack! CVE-2024-42057 exploited by Helldown ransomware for unauthorized OS command execution. #ZyxelVulnerability #RansomwareAlert 🔓
@Eth1calHackrZ
28 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DoYouKnowAdversary Ransomware Alert! #Helldown ransomware, identified in August 2024, is actively targeting #Windows, #Linux and #ESXi systems. It exploits CVE-2024-42057 in #Zyxel firewalls to gain access. The #ransomware uses double #extortion tactics, exfiltrating sensitive…
@Loginsoft_Inc
26 Nov 2024
72 Impressions
5 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-42057: Helldown Ransomware Exploits Zyxel Vulnerability https://t.co/19BaqJNQS6
@the_yellow_fall
25 Nov 2024
273 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
A new version of the Helldown ransomware has recently been released. This ransomware uses a vulnerability in the Zyxel firewall and IPsec VPN to gain access. The vulnerability used by this ransomware has the identifier CVE-2024-42057. https://t.co/Poz3aKY03t https://t.co/
@AmirHossein_sec
24 Nov 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Ransomware alert! Critical Zyxel Vulnerability Exploited by HellDown Ransomware CVE-2024-42057: command injection vulnerability affecting the IPSec VPN feature in specific firmware versions of Zyxel devices. The impacted firmware versions include Zyxel ATP series…
@Loginsoft_Inc
22 Nov 2024
54 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
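Investigated following reports that the Helldown ransomware may be exploiting Zyxel's CVE-2024-42057 (an RCE vulnerability in IPSec VPN that arises when User-Based-PSK authentication mode is in use and a user with a username of 28 or more characters exists). https://t.co/cCey0dG51v… https://t.co/NFM8eUXD1K https://t.co/8ISM7Xnw9c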
@nekono_naha
22 Nov 2024
1544 Impressions
3 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2024-42057
@transilienceai
21 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
HellDown Ransomware exploiting Zyxel Vulnerability #HelldownRansomware #CVE-2024-42057 #Zyxel https://t.co/zJLrWfOF94
@pravin_karthik
20 Nov 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SCMagazine: Among the targeted flaws was CVE-2024-42057, a code execution flaw that had not previously been targeted in the wild. https://t.co/MPO90n9EK1 #cybersecurity #ransomware #vmware
@MrsYisWhy
20 Nov 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Helldown ransomware exploits Zyxel VPN flaw (CVE-2024-42057) to breach networks, steal data, & encrypt systems. Update to firmware 5.39+, enforce MFA, & monitor for suspicious activity. Patch now, stay safe! 🔒 #Ransomware #ZyxelVPN #CyberSecurity https://t.co/g9gXOdbk
@VulnVanguard
19 Nov 2024
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
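The Helldown ransomware is exploiting a vulnerability in the IPSec VPN of Zyxel firewalls, according to a report by Sekoia. Zyxel Europe is also listed among the group's victims. The vulnerability suspected of being exploited is CVE-2024-42057. https://t.co/n5ViaV7LA0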
@__kokumoto
19 Nov 2024
870 Impressions
3 Retweets
4 Likes
2 Bookmarks
0 Replies
1 Quote
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "871446C3-30E8-4FE9-AC8A-4D87A400233F",
            "versionEndExcluding": "5.39",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4240E15F-8869-4DA7-9F6E-5DAF3708F9A7",
            "versionEndExcluding": "5.39",
            "versionStartIncluding": "4.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
          },
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2C43DB2-3339-4FB1-AC44-56619A9DDAA0",
            "versionEndExcluding": "5.39",
            "versionStartIncluding": "4.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2C43DB2-3339-4FB1-AC44-56619A9DDAA0",
            "versionEndExcluding": "5.39",
            "versionStartIncluding": "4.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]