Is CVE-2024-42061 actively exploited?

CVE-2024-42061 has no public evidence of in-the-wild exploitation as of 2024-12-13.

What is the CVSS score for CVE-2024-42061?

CVE-2024-42061 has a CVSS score of 6.1 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

How do I patch CVE-2024-42061?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-42061.

Which products are affected by CVE-2024-42061?

4 products: zyxel zld, zyxel zld, zyxel zld, zyxel zld.

CVE-2024-42061 - remediation guidance & executive summary

Description

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: ZYXEL
Published: 9/3/2024
Last Modified: 12/13/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-42061

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary