MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-11730

🔴 HIGH

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versi...

Published
Feb 05, 2026
Last Modified
Feb 05, 2026
Views
8
Bookmarks
0

Description

Request Expert Review

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and USG20(W)-VPN series firmware versions from V5.35 through V5.41 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device by supplying a specially crafted string as an argument to the CLI command.

CVSS Scores

CVSS 3.1 7.2
7.2
HIGH
CVSS 2.0 7.2

References

www.zyxel.com

Additional Information

Source
security@zyxel.com.tw
State
Received

Related CVEs

CVE-2025-10314

HIGH

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attack...

Score: 8.8

CVE-2026-1898

MEDIUM

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component L...

Score: 6.3

CVE-2026-1897

MEDIUM

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of t...

Score: 4.3

CVE-2026-1896

MEDIUM

A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migr...

Score: 6.3

CVE-2025-13192

HIGH

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic S...

Score: 8.2

CVE-2019-25288

HIGH

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privi...

Score: 7.8

Share CVE-2025-11730

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-11730 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis