Zyxel AMG1302-T10B, Path Traversal, CVE-2025-3577 (Critical)


How CVE-2025-3577 Works

The vulnerability exists in the web management interface of Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0. An authenticated attacker with administrator privileges can exploit improper path validation to traverse directories via crafted HTTP requests. By supplying “../” sequences in request parameters that reference files, the attacker can reach files outside the intended root directory. The firmware does not sanitize user-supplied input for directory traversal patterns, so restricted system files can be read without authorization.
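To make the mechanism concrete, the following added example (not code from Zyxel or from the original post) contrasts the naive path-joining pattern that produces this class of bug with a hardened resolver that canonicalizes the request and refuses anything that escapes the root. The web root `/www/admin` and the request strings are constructed assumptions for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example: the directory a file-serving handler should be confined to.
WEB_ROOT = "/www/admin"


def resolve_naively(root: str, requested: str) -> str:
    """Vulnerable pattern: join the user-supplied path onto the root and normalize it,
    but never check where the result ended up, so "../" climbs out of the root."""
    return posixpath.normpath(posixpath.join(root, requested.lstrip("/")))


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded dots (%252e) do not slip through."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_safely(root: str, requested: str) -> Optional[str]:
    """Hardened pattern: decode, normalize, then require the canonical result to sit
    at or below the root. Returns None for any request that should be rejected."""
    decoded = fully_decode(requested)
    if "\x00" in decoded:  # NUL bytes can truncate paths in native code
        return None
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ["images/logo.png", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{req!r}: naive={resolve_naively(WEB_ROOT, req)!r} "
              f"safe={resolve_safely(WEB_ROOT, req)!r}")
```

The key check is the prefix comparison against the normalized root after decoding and normalization; comparing before normalization, or stripping only a literal `../` substring, leaves the encoded and double-encoded variants open.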

DailyCVE Form

Platform: Zyxel AMG1302-T10B
Version: 2.00(AAJC.16)C0
Vulnerability: Path Traversal
Severity: Critical
Date: 06/23/2025

Prediction: Patch by 08/2025

What Undercode Says

```shell
# Request from the original post illustrating the traversal pattern (requires an authenticated admin session).
curl -X GET "http://target/admin/../etc/passwd"
```

```python
# Python equivalent from the original post.
import requests

requests.get("http://target/admin/../../confidential.cfg")
```

How to Exploit

1. Authenticate as admin

2. Craft malicious HTTP request

3. Bypass directory restrictions

4. Access system files

Protection from this CVE

1. Update firmware

2. Input validation

3. Access controls
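Alongside patching, defenders can watch the management interface's access logs for traversal attempts. The following added example (not from Zyxel or the original post) parses constructed common-log-format lines, decodes the request path (including double encoding) and flags any request whose path contains a `..` segment; the log lines, addresses and timestamps are invented for illustration.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines (not real device logs).
SAMPLE_LOG = """\
192.0.2.10 - admin [23/Jun/2025:10:01:02 +0000] "GET /admin/index.html HTTP/1.1" 200 512
192.0.2.10 - admin [23/Jun/2025:10:01:05 +0000] "GET /admin/../etc/passwd HTTP/1.1" 200 1024
198.51.100.7 - - [23/Jun/2025:10:02:11 +0000] "GET /admin/%2e%2e/%2e%2e/confidential.cfg HTTP/1.1" 401 0
198.51.100.7 - - [23/Jun/2025:10:02:15 +0000] "GET /admin/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 401 0
192.0.2.44 - admin [23/Jun/2025:10:03:00 +0000] "GET /admin/css/style.css HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# A ".." segment bounded by slashes, backslashes, or the string ends.
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')


def decode_path(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences are normalized."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_traversal_attempts(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per request whose decoded path contains a '..' segment.
    A 200 status on such a request from an authenticated user is the highest-priority
    case, since it matches the advisory's precondition (admin session) and outcome."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        decoded = decode_path(match.group("path"))
        if TRAVERSAL_RE.search(decoded):
            findings.append({
                "ip": match.group("ip"),
                "user": match.group("user"),
                "path": decoded,
                "status": int(match.group("status")),
                "succeeded": match.group("status") == "200",
            })
    return findings


if __name__ == "__main__":
    for finding in find_traversal_attempts(SAMPLE_LOG):
        print(finding)
```

Decoding before matching matters: the third and fourth sample lines would not match a literal `../` search on the raw request string, yet they represent the same traversal attempt.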

Impact

1. Data exposure

2. System compromise

3. Privilege escalation

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
