Cyber Resilience

CVE-2024-11667

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 27 November 2024
Modified: 27 October 2025
KEV Added: 03 December 2024
Patch
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2894 (96.7th percentile)
Risk Priority: 52 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11667 is a high-severity Path Traversal (CWE-22) vulnerability in Zyxel ZLD, the firmware running on the affected ATP, USG FLEX, USG FLEX 50(W) and USG20(W)-VPN firewalls. Its CVSS v3.1 base score is 7.5 (High).

Operationally, it ranks in the top 3.3% of CVEs by EPSS exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog, so exploitation is confirmed rather than merely probable.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A directory traversal vulnerability tracked as CVE-2024-11667 affects the web management interface of several Zyxel firewall product lines running ZLD firmware: ATP series V5.00 through V5.38, USG FLEX series V5.00 through V5.38, USG FLEX 50(W) series V5.10 through V5.38, and USG20(W)-VPN series V5.10 through V5.38. The flaw, classified as CWE-22, lets a remote attacker read or write files on the device by supplying a crafted URL to that interface.

An attacker who can reach the management interface can exploit the issue without credentials or user interaction (CVSS PR:N, UI:N) to download or upload arbitrary files. The published vector scores the result as high confidentiality impact with no integrity or availability impact (C:H/I:N/A:N), which is what produces the 7.5; since the advisory itself says files can be uploaded, the vector understates the integrity side, so treat 7.5 as a floor rather than a ceiling. Either read or write access to a firewall's files is a realistic foothold for further compromise of the device.
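Zyxel's advisory says no more than "a crafted URL", so a defender's first check is endpoint-agnostic: decode each request target aimed at the management interface and look for traversal segments. The script below is an added example, not Zyxel's or the page's own code; the log lines are constructed in a generic combined-log shape, which is an assumption about format and not Zyxel's actual logging.

```python
"""Scan web-management access logs for traversal sequences in request targets.

Added example, not Zyxel's or the page's own code. Zyxel's advisory describes only
"a crafted URL", so this check is deliberately endpoint-agnostic. The log lines are
constructed in a generic combined-log shape (assumed, not Zyxel's actual format).
"""
import re
from urllib.parse import unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(target):
    """URL path of the request target, percent-decoded until stable (catches %252e%252e),
    with backslashes treated as separators."""
    path = urlsplit(target).path
    for _ in range(3):  # bounded so hostile input cannot keep the loop going
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(target):
    """True if any path segment is '..' (including '..;' path-parameter variants)."""
    return any(seg.split(";")[0] == ".." for seg in decode_path(target).split("/"))


def scan(lines):
    """Return (src, method, raw_target, status) for each request carrying a traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            hits.append((m["src"], m["method"], m["target"], int(m["status"])))
    return hits


# Constructed sample: documentation-range addresses, illustrative paths.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Dec/2024:10:01:02 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1304
198.51.100.9 - - [03/Dec/2024:10:01:05 +0000] "GET /images/logo.png HTTP/1.1" 200 512
203.0.113.7 - - [03/Dec/2024:10:01:09 +0000] "POST /upload/..%252f..%252fconf/evil.txt HTTP/1.1" 200 0
192.0.2.4 - - [03/Dec/2024:10:02:11 +0000] "GET /static/app/..;/..;/tmp HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

Decoding until the string stops changing is what catches the double-encoded third line; a single-pass decoder would see `..%2f` and miss it. A traversal request that returned 200 goes to the top of the queue, but a 404 from a traversal probe is still evidence of scanning, and the source address should be correlated with any subsequent logins or configuration changes.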

Zyxel has published a security advisory detailing the affected firmware ranges and recommended actions, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild use.

The EPSS score for this vulnerability rose from a low baseline to a peak of 0.4399, with a current value of 0.2894, indicating that exploitation interest increased after public disclosure.

EU & UK References

Vulnerability details

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

CWE(s): CWE-22 (Path Traversal)
KEV Date Added: 03 December 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Zyxel
Product: ZLD firmware
Versions: 5.00 through 5.38 (ATP series, USG FLEX series) · 5.10 through 5.38 (USG FLEX 50(W) series, USG20(W)-VPN series)
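A version check that encodes the ranges listed above, so a fleet inventory can be triaged mechanically. This is an added example, not Zyxel's or the page's own code; the inventory records and the accepted version-string shapes are assumptions.

```python
"""Is a given Zyxel firewall in the CVE-2024-11667 affected range?

Added example, not Zyxel's or the page's own code. The product-line table
reproduces the ranges stated on this page; the inventory records and the accepted
version-string shapes ("V5.38", "5.38", "V5.38(ABPS.0)") are assumptions.
"""
import re

# Inclusive (first, last) affected ZLD versions per product line, from the advisory text.
AFFECTED_RANGES = {
    "ATP": ((5, 0), (5, 38)),
    "USG FLEX": ((5, 0), (5, 38)),
    "USG FLEX 50(W)": ((5, 10), (5, 38)),
    "USG20(W)-VPN": ((5, 10), (5, 38)),
}

# Leading "V" optional; anything after major.minor (build tags, patch suffixes) is ignored.
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)", re.IGNORECASE)


def parse_zld_version(text):
    """'V5.38(ABPS.0)' -> (5, 38). Tuples compare numerically, so 5.9 sorts below 5.38."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(product_line, version):
    """True when the version falls inside the advisory's range for that product line.

    Versions below the listed range (e.g. USG FLEX 50(W) 5.05) return False because the
    advisory does not list them, not because they have been shown to be safe.
    """
    low, high = AFFECTED_RANGES[product_line]
    return low <= parse_zld_version(version) <= high


def triage(inventory):
    """inventory: iterable of (hostname, product_line, version); returns hostnames to patch."""
    return [host for host, line, ver in inventory if is_affected(line, ver)]


if __name__ == "__main__":
    # Constructed inventory, not real data.
    fleet = [
        ("fw-hq-01", "ATP", "V5.38(ABPS.0)"),
        ("fw-branch-02", "USG FLEX", "V5.39(ABPS.0)"),
        ("fw-shop-03", "USG FLEX 50(W)", "5.37"),
        ("fw-lab-04", "USG20(W)-VPN", "V5.05"),
    ]
    print(triage(fleet))  # -> ['fw-hq-01', 'fw-shop-03']
```

Comparing versions as integer tuples rather than strings is the part that matters: a string comparison would put "5.9" above "5.38" and misclassify hosts.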

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directory traversal via crafted URLs is a direct failure of input validation on path parameters in the web management interface; the handler must canonicalise the decoded path and reject anything that resolves outside the intended directory.

SI-2 Flaw Remediation (prevent): Zyxel's recommended fix and the CISA KEV listing both call for prompt application of the firmware update that corrects the path-handling flaw.

AC-3 Access Enforcement (prevent): Proper access enforcement on the management interface would block unauthenticated file read/write operations even if a traversal string reaches the handler. Because the flaw sits in the interface's own pre-authentication handling, the practical form of this control is limiting who can reach the interface at all: do not expose web management to the WAN, and restrict it to trusted administrative addresses.
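What SI-10 means for this class of bug in code, as an added example that is not Zyxel's code: a naive decode-and-join beside a resolver that canonicalises the decoded path and checks containment before touching the filesystem. Handler names, the base directory and the request strings are assumptions.

```python
"""Path-parameter validation for a management-interface file handler (SI-10).

Added example, not Zyxel's code: the handler names, base directory and request
strings are assumptions. It contrasts a naive join with a canonicalise-then-contain check.
"""
import os
import tempfile
from urllib.parse import unquote


def vulnerable_resolve(base_dir, requested):
    """The CWE-22 pattern: decode the client's name and join it straight onto base_dir.
    '..' segments survive the join, and an absolute name discards base_dir entirely."""
    return os.path.join(base_dir, unquote(requested))


def safe_resolve(base_dir, requested):
    """Return an absolute path inside base_dir, or None when the request escapes it."""
    # Decode twice so a double-encoded %252e%252e is seen as '..', treat backslashes as
    # separators, and refuse NUL bytes and absolute names before any filesystem work.
    name = unquote(unquote(requested)).replace("\\", "/")
    if "\x00" in name or name.startswith("/"):
        return None
    root = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks, so the containment test below is
    # against the path the OS would actually open, not the string the client sent.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Exercise both resolvers against a throwaway directory; returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.realpath(base)
        os.makedirs(os.path.join(root, "reports"))
        open(os.path.join(root, "reports", "2024.csv"), "w").close()

        naive = os.path.normpath(vulnerable_resolve(root, "..%2F..%2Fetc%2Fpasswd"))
        return {
            "vulnerable_escapes": not naive.startswith(root + os.sep),
            "safe_ok": safe_resolve(root, "reports%2F2024.csv")
            == os.path.join(root, "reports", "2024.csv"),
            "safe_rejects_encoded": safe_resolve(root, "..%2F..%2Fetc%2Fpasswd"),
            "safe_rejects_double": safe_resolve(root, "%252e%252e%252fetc%252fpasswd"),
            "safe_rejects_backslash": safe_resolve(root, "..\\..\\etc\\passwd"),
            "safe_rejects_absolute": safe_resolve(root, "/etc/passwd"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The containment check is done on the resolved path, not on the raw string, which is why a denylist of `../` substrings is not enough: encoding, separator variants and symlinks all change what the string means by the time the OS opens it.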

References