rainpwn.blog

    CVE Discoveries

    A comprehensive list of security vulnerabilities I've discovered and responsibly disclosed.

    18
    Total CVEs
    1
    Critical
    5
    High
    89%
    Patched

    CVE-2025-9133

    TBE
    CVSS 0
    Active

    Coming Soon!

    ZYXELUnknown
    Unknown

    TBE

    CVE-2025-8078

    TBE
    CVSS 0
    Active

    Coming soon!

    ZYXELUnknown
    Unknown

    TBE

    CVE-2025-1732

    Medium
    CVSS 6.7
    Patched

    Local Privilege Escalation on ZYXEL FLEX H Series

    ZYXELFLEX H Series
    Firewall

    An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

    CVE-2025-1731

    High
    CVSS 7.8
    Patched

    Remote Code Execution on ZYXEL FLEX H Series

    ZYXELFLEX H Series
    Firewall

    An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token.

    CVE-2024-9677

    High
    CVSS 7.8
    Patched

    Privilege Escalation by stealing authentication token

    ZYXELUSG FLEX H
    Firewall

    The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator.