CVE-2025-3577

MEDIUM EPSS 94.6%

Published Apr 22, 20251y ago · Modified Jun 17, 20261w ago

4.9 CVSS 3.1

Medium

Published Apr 22, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.

CVSS Details

Base Score

4.9

Exploitability

1.2

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

94.6% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 2

Vendor	Product	Version	Range
zyxel	amg1302-t10b_firmware	2.00\(aajc.16\)c0	any
zyxel	amg1302-t10b	*	any

References 2

github.com https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md

ExploitThird Party Advisory
zyxel.com https://www.zyxel.com/service-provider/global/en/security-advisories/end-of-life

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.