Rewterz

Multiple Zyxel Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-3577 CVSS:4.9

A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.

CVE-2025-1732 CVSS:6.7

An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

CVE-2025-1731 CVSS:7.8

An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.

Impact

  • Gain Access
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-3577

  • CVE-2025-1732

  • CVE-2025-1731

Affected Vendors

  • Zyxel

Affected Products

  • Zyxel AMG1302-T10B 2.00(AAJC.16)C0
  • Zyxel USG FLEX H uOS V1.20 to V1.31
  • Zyxel USG FLEX H uOS V1.31

Remediation

Refer to Zyxel Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-3577

CVE-2025-1732

CVE-2025-1731