CVE-2020-29299
Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)
Published: Dec 27, 2020 / Updated: 47mo ago
010
CVSS 7.2EPSS 0.12%High
CVE info copied to clipboard
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Timeline
First Article
Feedly found the first article mentioning CVE-2020-29299. See article
Dec 27, 2020 at 8:35 AM / nitter.net
EPSS
EPSS Score was set to: 0.12% (Percentile: 46.1%)
Sep 24, 2023 at 8:10 AM
Affected Systems
Zyxel/vpn_orchestrator
+null more
Patches
www.zyxel.com
+null more
Attack Patterns
CAPEC-136: LDAP Injection
+null more
News
How to install osint - Fadeaway Italia -
Gather through OSINT using PhoneInfoga in termux on android 2020 On this article, I will give best idea about all information of any phone number ussing termux and How to download and install this tools. OSINT (Open Source Intelligence) uses publicly available data to get insights into military capabilities.
How to install osint - Veor.it
Install and configure advanced tools for carrying out OSINT. The guide contains nothing groundbreaking; just instructions on how to install and configure Request Tracker in CentOS with a PostgreSQL database and Apache web server.