ГлавнаяУязвимости → CVE-2025-6265
7.2высокая

CVE-2025-6265

Описание

A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.

Затрагиваемое ПО
Zyxel Nwa50ax firmwareZyxel Nwa50axZyxel Nwa50ax pro firmwareZyxel Nwa50ax proZyxel Nwa55axe firmwareZyxel Nwa55axeZyxel Nwa90ax firmwareZyxel Nwa90axZyxel Nwa90ax pro firmwareZyxel Nwa90ax proZyxel Nwa110ax firmwareZyxel Nwa110axZyxel Nwa130be firmwareZyxel Nwa130beZyxel Nwa210ax firmwareZyxel Nwa210axZyxel Nwa220ax-6e firmwareZyxel Nwa220ax-6eZyxel Nwa1123ac pro firmwareZyxel Nwa1123ac proZyxel Wac500h firmwareZyxel Wac500hZyxel Wac5302d-sv2 firmwareZyxel Wac5302d-sv2Zyxel Wac6103d-i firmware
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-path-traversal-vulnerability-in-aps-07-15-2025