- Description
- An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
- Source
- security@zyxel.com.tw
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- security@zyxel.com.tw
- CWE-269
- Hype score
- Not currently trending
Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732) https://t.co/PUMMNamEm1
@_r_netsec
24 Apr 2025
296 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1732 04/22/2025 03:15:21 AM BaseSeverity: MEDIUM An impr... https://t.co/a020Pw84pl
@CVETracker
22 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1732 An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated loc… https://t.co/kICKpN1lxn
@CVEnew
22 Apr 2025
665 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes