lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAM+3YVrwaQiB1JCtFjMevR5GQorcd1m+gcoafNR4HBT3o8gXpg@mail.gmail.com>
Date: Wed, 23 Apr 2025 08:44:55 +0200
From: Marco Ivaldi <raptor@...eadbeef.info>
To: fulldisclosure@...lists.org, submissions@...ketstormsecurity.com
Subject: [FD] HNS-2025-10 - HN Security Advisory - Local privilege
 escalation in Zyxel uOS

Hi,

Please find attached a security advisory that describes some
vulnerabilities we discovered in the Zyxel uOS Linux-based operating
system.

* Title: Local privilege escalation via Zyxel fermion-wrapper
* Product: USG FLEX H Series
* OS: Zyxel uOS V1.31 (and potentially earlier versions)
* Author: Marco Ivaldi <marco.ivaldi@...ecurity.it>
* Date: 2025-04-23
* CVE ID: CVE-2025-1731 (see discussion in "5 - Remediation" below)
* Severity: High - 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CWE ID: CWE-61 - https://cwe.mitre.org/data/definitions/61.html
* HN Security URLs:
  * https://github.com/hnsecurity/vulns/blob/main/HNS-2025-10-zyxel-fermion.txt
  * https://github.com/0xdea/exploits/blob/master/zyxel/raptor_fermion
  * https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731
* Vendor URLs:
  * https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025
  * https://community.zyxel.com/en/discussion/28988/usg-flex-h-series-v1-32patch-0-firmware-release

For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731/

Regards,

-- 
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

View attachment "HNS-2025-10-zyxel-fermion.txt" of type "text/plain" (14761 bytes)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ