Search criteria
45 vulnerabilities found for usg20-vpn_firmware by zyxel
FKIE_CVE-2023-6764
Vulnerability from fkie_nvd - Published: 2024-02-20 03:15 - Updated: 2025-01-21 18:35
Severity ?
Summary
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B1CC86-551C-4CF1-9905-22D983C87B0C",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "121E2131-A6CB-4714-BD0B-9CDBFF924F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4D7828-078E-4418-9F04-302FC7F8BB25",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "F750721F-73AD-4BDD-A407-72D8DEB30C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "069E7437-BF71-4F73-8C0A-44DC9804492B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67DC678C-8CA1-4289-A69B-435FE3374BCD",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B20F854E-486D-46C0-90C8-81153573FEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DE71538C-16FD-43B1-B6CD-EB5988AFB7BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9B7E5-F548-4F9F-8CA7-20B7D41DF0AC",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9E8933B8-F66E-4667-955E-DB5486534C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1974D6-04C1-4135-812D-6901712940EE",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "0E3E890B-8BDE-4C22-BFF7-B87495C71C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3037AE20-8F8B-4656-9534-6436A8AEA8C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C4C98F-B383-4F2F-B84E-3C6DDD8437DB",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "67FA1CEC-DED7-46D4-A4FC-780431B3EE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD1CE91-B72C-4589-9A5F-F1164C0193AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DF266069-4FA5-4343-B62C-0940A0C61566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "99E0ECA5-7FE6-4E56-A741-E3260C99A43A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF216E5-870B-4C6E-9CFA-A5FB6F476CB0",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "395E8D72-E9F6-4923-B4DE-875D195B27F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C220BBFF-29A6-483B-9806-6A966625EFEE",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "45EEA203-C4E3-4916-A9E5-15AB994B53FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A21576D3-6A3F-451C-9B62-E0B0418D5529",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC61CF4F-74D5-4C96-8D8A-779436CF344D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "25EB6607-7241-4D01-BC87-3C3E62B27B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "31206A47-4A01-4FB7-A0AA-E9D22C63941D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B29C9B-DB92-4DBD-9F83-1C9FABAC81B4",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "CBDE985D-B016-4303-8EE6-904C79F8FE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC129C3-AD72-44AE-B89D-5BF40559B9F4",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "D764B87E-8B23-4C33-93BB-59B23CFEADBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B221F5CD-C0C6-4917-AC15-FF1BA3904915",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5CDA1267-E136-4932-9627-B4D12DB17E27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ACA5C0-F9AC-4986-95CF-74A92DEAF45E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "1D168F82-50CE-4E25-B1D9-B50F69463F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A1FEDD30-0B80-4F07-8475-156B9FE46883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3953AFFC-18E6-46AA-BC99-EA65726E4D9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D051AE62-28E7-4626-B5CB-F4B244260A0E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A5A45A9D-D9C7-495D-BD83-EE088746FD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "606D09B9-0376-4277-9964-F0580D65C3E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50C93BA9-E4F3-48F3-8D58-92409905AC03",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "5476C178-E553-44FC-854B-5851F0F28469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C2D65155-CDF2-4A99-94CA-D4B61B26D32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A2842FD-23CC-4E12-AF08-979035695E5F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC8C2C47-FE8E-4496-9648-0B264A9A2EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "EEB68246-FD4B-4FB6-9140-63725EA24660",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E10984B-2ACA-4B15-AF74-F6E7D467DA8B",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B0BFA01B-1328-4F96-AE56-D39416A54F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABB0C1EC-512C-4A00-84C6-4F93FDD7739F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE25FC75-B93D-4010-A255-2AF732D47674",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de cadena de formato en una funci\u00f3n de la funci\u00f3n VPN IPSec en las versiones de firmware de la serie Zyxel ATP de 4.32 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX de 4.50 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) de 4.16 a 5.37 El parche 1 y las versiones de firmware de la serie USG20(W)-VPN desde 4.16 hasta 5.37. El parche 1 podr\u00eda permitir a un atacante lograr la ejecuci\u00f3n remota no autorizada de c\u00f3digo enviando una secuencia de payloads especialmente manipulados que contengan un puntero no v\u00e1lido; sin embargo, un ataque de este tipo requerir\u00eda un conocimiento detallado del dise\u00f1o y la configuraci\u00f3n de la memoria del dispositivo afectado."
}
],
"id": "CVE-2023-6764",
"lastModified": "2025-01-21T18:35:59.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
},
"published": "2024-02-20T03:15:07.870",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-6399
Vulnerability from fkie_nvd - Published: 2024-02-20 02:15 - Updated: 2025-01-21 18:36
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88A27486-8F61-46B1-AA77-1249E75DD8CC",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "121E2131-A6CB-4714-BD0B-9CDBFF924F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "218B2397-5415-4AC0-BFA4-7D24640EF76E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "F750721F-73AD-4BDD-A407-72D8DEB30C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "069E7437-BF71-4F73-8C0A-44DC9804492B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16582B0-232D-4815-86D5-1CFFFFE5990D",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B20F854E-486D-46C0-90C8-81153573FEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DE71538C-16FD-43B1-B6CD-EB5988AFB7BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C968353-8FC1-45B7-A2D0-F6713A3BC760",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9E8933B8-F66E-4667-955E-DB5486534C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C951EB-8950-4927-8F99-81EE1B4856F7",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "0E3E890B-8BDE-4C22-BFF7-B87495C71C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3037AE20-8F8B-4656-9534-6436A8AEA8C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF54B670-3135-4AF9-B72D-F4D8BEE48878",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "67FA1CEC-DED7-46D4-A4FC-780431B3EE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD1CE91-B72C-4589-9A5F-F1164C0193AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "700227C4-A23F-4CFF-839F-B61A44E0E34E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DF266069-4FA5-4343-B62C-0940A0C61566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "99E0ECA5-7FE6-4E56-A741-E3260C99A43A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23ACF5-9961-4BA9-84D2-C09EF39790D2",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "395E8D72-E9F6-4923-B4DE-875D195B27F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8EFB09-4987-4CB6-838D-A15D47A2000D",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "45EEA203-C4E3-4916-A9E5-15AB994B53FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A21576D3-6A3F-451C-9B62-E0B0418D5529",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24FD1EE-4527-4A9D-AFF6-086EB5A30347",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC61CF4F-74D5-4C96-8D8A-779436CF344D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "25EB6607-7241-4D01-BC87-3C3E62B27B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61F127FD-22D4-48CC-95FC-321722683A6D",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "31206A47-4A01-4FB7-A0AA-E9D22C63941D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8198C3A9-5F65-4FC8-8997-81BEB218FE0D",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "CBDE985D-B016-4303-8EE6-904C79F8FE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A91D7A49-19EA-43E6-BA4C-A92814DCE37B",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "D764B87E-8B23-4C33-93BB-59B23CFEADBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7494CE3-5299-4B2D-B432-CDAC50D30103",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5CDA1267-E136-4932-9627-B4D12DB17E27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "135DA0CD-2403-44F0-97CF-290B33B4CFAF",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "1D168F82-50CE-4E25-B1D9-B50F69463F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D57C8E7-6126-4A9D-A24A-F56719A59E8B",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A1FEDD30-0B80-4F07-8475-156B9FE46883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3953AFFC-18E6-46AA-BC99-EA65726E4D9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42F9F198-3A49-4BD9-952B-B95E4E3EC19A",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A5A45A9D-D9C7-495D-BD83-EE088746FD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "606D09B9-0376-4277-9964-F0580D65C3E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB8F3CE-5EE9-41AD-9CB3-014BE1F51F27",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "5476C178-E553-44FC-854B-5851F0F28469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C2D65155-CDF2-4A99-94CA-D4B61B26D32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8F9B1A-BC4D-450B-86D3-31FDCFAB2BCF",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC8C2C47-FE8E-4496-9648-0B264A9A2EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "EEB68246-FD4B-4FB6-9140-63725EA24660",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5BE31C-A1A5-45E1-8E75-804FE2BB5E8D",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B0BFA01B-1328-4F96-AE56-D39416A54F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABB0C1EC-512C-4A00-84C6-4F93FDD7739F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9927F99-F8B9-43D6-942B-3BADA5F4970F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uos:1.10:-:*:*:*:*:*:*",
"matchCriteriaId": "AD61F9D7-0229-4A40-903E-F25F67E547F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:uos:1.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "29B81F51-C82B-4099-99B4-5A53BAAA45C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCFC4B1-37DD-4BF7-86A9-5F0A9A2C1D07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cadena de formato en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) desde 4.16 hasta 5.37 Parche 1 y USG20(W) -Las versiones de firmware de la serie VPN desde la 4.16 hasta la 5.37, parche 1, podr\u00edan permitir que un usuario de VPN IPSec autenticado provoque condiciones DoS contra el demonio \"deviceid\" enviando un nombre de host manipulado a un dispositivo afectado si tiene habilitada la funci\u00f3n \"Device Insight\"."
}
],
"id": "CVE-2023-6399",
"lastModified": "2025-01-21T18:36:34.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T02:15:49.407",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-6398
Vulnerability from fkie_nvd - Published: 2024-02-20 02:15 - Updated: 2025-01-21 18:36
Severity ?
Summary
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,
NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B1CC86-551C-4CF1-9905-22D983C87B0C",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "121E2131-A6CB-4714-BD0B-9CDBFF924F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4D7828-078E-4418-9F04-302FC7F8BB25",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "F750721F-73AD-4BDD-A407-72D8DEB30C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "069E7437-BF71-4F73-8C0A-44DC9804492B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67DC678C-8CA1-4289-A69B-435FE3374BCD",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B20F854E-486D-46C0-90C8-81153573FEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DE71538C-16FD-43B1-B6CD-EB5988AFB7BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9B7E5-F548-4F9F-8CA7-20B7D41DF0AC",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9E8933B8-F66E-4667-955E-DB5486534C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1974D6-04C1-4135-812D-6901712940EE",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "0E3E890B-8BDE-4C22-BFF7-B87495C71C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3037AE20-8F8B-4656-9534-6436A8AEA8C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C4C98F-B383-4F2F-B84E-3C6DDD8437DB",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "67FA1CEC-DED7-46D4-A4FC-780431B3EE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD1CE91-B72C-4589-9A5F-F1164C0193AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DF266069-4FA5-4343-B62C-0940A0C61566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "99E0ECA5-7FE6-4E56-A741-E3260C99A43A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF216E5-870B-4C6E-9CFA-A5FB6F476CB0",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "395E8D72-E9F6-4923-B4DE-875D195B27F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C220BBFF-29A6-483B-9806-6A966625EFEE",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "45EEA203-C4E3-4916-A9E5-15AB994B53FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A21576D3-6A3F-451C-9B62-E0B0418D5529",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC61CF4F-74D5-4C96-8D8A-779436CF344D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "25EB6607-7241-4D01-BC87-3C3E62B27B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "31206A47-4A01-4FB7-A0AA-E9D22C63941D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B29C9B-DB92-4DBD-9F83-1C9FABAC81B4",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "CBDE985D-B016-4303-8EE6-904C79F8FE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC129C3-AD72-44AE-B89D-5BF40559B9F4",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "D764B87E-8B23-4C33-93BB-59B23CFEADBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50C93BA9-E4F3-48F3-8D58-92409905AC03",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "5476C178-E553-44FC-854B-5851F0F28469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C2D65155-CDF2-4A99-94CA-D4B61B26D32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B221F5CD-C0C6-4917-AC15-FF1BA3904915",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5CDA1267-E136-4932-9627-B4D12DB17E27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ACA5C0-F9AC-4986-95CF-74A92DEAF45E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "1D168F82-50CE-4E25-B1D9-B50F69463F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A2842FD-23CC-4E12-AF08-979035695E5F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC8C2C47-FE8E-4496-9648-0B264A9A2EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "EEB68246-FD4B-4FB6-9140-63725EA24660",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A1FEDD30-0B80-4F07-8475-156B9FE46883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3953AFFC-18E6-46AA-BC99-EA65726E4D9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D051AE62-28E7-4626-B5CB-F4B244260A0E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A5A45A9D-D9C7-495D-BD83-EE088746FD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "606D09B9-0376-4277-9964-F0580D65C3E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E10984B-2ACA-4B15-AF74-F6E7D467DA8B",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B0BFA01B-1328-4F96-AE56-D39416A54F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABB0C1EC-512C-4A00-84C6-4F93FDD7739F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE25FC75-B93D-4010-A255-2AF732D47674",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uos:1.10:-:*:*:*:*:*:*",
"matchCriteriaId": "AD61F9D7-0229-4A40-903E-F25F67E547F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:uos:1.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "29B81F51-C82B-4099-99B4-5A53BAAA45C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCFC4B1-37DD-4BF7-86A9-5F0A9A2C1D07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F35D4CA0-0E9B-4284-B72F-1151BCC85A82",
"versionEndExcluding": "6.29\\(abyw.4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97593633-CDCA-4F99-AD92-3E64E2262539",
"versionEndExcluding": "6.29\\(abzl.4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A47F336-D8B8-4B99-AE3E-6694BE7A2BFB",
"versionEndExcluding": "6.29\\(accv.4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3580D6A6-24F7-4759-BFF4-D7A7A83477FE",
"versionEndExcluding": "6.70\\(abtg.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC634A9-79A8-4562-BDD5-79AE7A3AA3B3",
"versionEndExcluding": "6.70\\(abtd.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF0E904-747A-4799-929D-2838173DF657",
"versionEndExcluding": "6.70\\(acco.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FFADE1-8BC3-4DC1-ACC6-5FEC0D6F2738",
"versionEndExcluding": "6.70\\(abvt.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB667E-C8BC-4ECF-8D69-046C01546AE9",
"versionEndExcluding": "6.70\\(abvs.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0BD60E-14CF-4D36-B443-C2CAB4B85564",
"versionEndExcluding": "6.70\\(abwa.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C7861D-27F0-466A-8FE0-9253F2A8BC70",
"versionEndExcluding": "6.70\\(achf.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3073565-BCDF-46EA-8FB0-E9BF402A5122",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A004988-13FC-4289-9CC6-D88D4DBC6818",
"versionEndExcluding": "6.70\\(abtf.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF2C2C3-F31D-4C2A-9DFF-733273AABFB2",
"versionEndExcluding": "6.70\\(abte.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FABC195A-5D2C-40DE-A23B-FA0B4D7AF303",
"versionEndExcluding": "6.70\\(accn.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CE181-704A-491C-BDE6-D9195AB99686",
"versionEndExcluding": "6.70\\(abzd.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF887F95-F742-414D-B461-0EB1396885E4",
"versionEndExcluding": "6.70\\(accm.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3855AC8-C642-4C2B-A21D-5D3D78FCF61F",
"versionEndExcluding": "6.70\\(abrm.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A700911F-3CE7-4E72-AD7B-5116F90E9C69",
"versionEndExcluding": "6.70\\(acdo.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E6DCC0-5C84-4B0B-8000-F326DC52F740",
"versionEndExcluding": "6.70\\(acgg.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9",
"versionEndExcluding": "6.80\\(acge.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477",
"versionEndExcluding": "6.80\\(acgf.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, \n\nUSG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,\n\nNWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en el binario de carga de archivos en las versiones de firmware de la serie Zyxel ATP de 4.32 a 5.37, parche 1, versiones de firmware de la serie USG FLEX de 4.50 a 5.37, parche 1, versiones de firmware de la serie USG FLEX 50(W) de 4.16 a 5.37 Parche 1, versiones de firmware de la serie USG20(W)-VPN desde 4.16 hasta 5.37 Parche 1, versiones de firmware NWA50AX hasta 6.29(ABYW.3), versiones de firmware WAC500 hasta 6.65(ABVS.1), versiones de firmware WAX300H hasta 6.60(ACHF.1 ), y las versiones de firmware WBE660S hasta 6.65 (ACGG.1) podr\u00edan permitir que un atacante autenticado con privilegios de administrador ejecute algunos comandos del sistema operativo (SO) en un dispositivo afectado a trav\u00e9s de FTP."
}
],
"id": "CVE-2023-6398",
"lastModified": "2025-01-21T18:36:54.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
},
"published": "2024-02-20T02:15:49.110",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
}
FKIE_CVE-2023-33009
Vulnerability from fkie_nvd - Published: 2023-05-24 13:15 - Updated: 2025-10-27 17:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
References
Impacted products
{
"cisaActionDue": "2023-06-26",
"cisaExploitAdd": "2023-06-05",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "558978AD-8153-4C1F-A6DE-CCFBF69F754D",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "C5813B69-C1A3-4695-8B63-17994BBA1723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B61DE8A9-6A73-45EF-8C37-39138F39168A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A32A52F5-5406-4A44-A5C1-42FCDC8C6B22",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "49FF3D01-C9AA-452C-A079-3180DC8DB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8ABED29D-8074-46AB-8A0F-759B0653691B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "320FC232-D76C-4D8A-8003-7C9A7A287A4C",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "9801F3AB-4560-44AA-934F-0A6D31F46195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2A0E5B17-00E0-4CB0-9787-D6A8C8E1E0BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81CB716A-E996-48A6-8C2D-F4B9398FCA77",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "3CBAF763-195F-4B36-A450-719931B86650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4CB974EC-859A-4B74-8A60-98A5406E8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2360F0CC-6958-47B6-87A9-B03D52DEBAF8",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "F4CF847A-A858-43A6-B35B-91455682E382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9BE980D6-9D39-41B9-A35C-1879B72F4146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4EE067-E0F0-49B7-8698-8B1AD8E346F0",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "BA1C872C-9192-410D-86F1-55CDF07DE77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "EECC0FB9-DED8-4ACF-A627-0537F3EE8C65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96CB09A-9AB3-4360-ACFC-A917E7EEC460",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "DA9E3C5E-9447-40D2-9036-6097FF433433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "12F0F5D8-AC3F-4485-A013-5109FB796FF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF08551-BA8E-47BC-985D-D5ED76A46793",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "EF66A8A2-EE45-43ED-8F5A-FF488AC39943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "F185DD94-DDA0-4B37-BADE-8468BA08CC02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "030F29C9-5435-4EA5-B009-895BB2259C19",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "23E7810E-370E-4405-B7A2-C988511BE7B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8571FFB9-A90D-4EBD-87C0-F5119D142CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62ACD903-AC40-451C-B2AB-6F843B3C8897",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "46E17CE0-8EA7-4188-B3E7-DBD1D30C8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C3D2B551-E080-4F75-A0C7-30D9E684EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A828C5-B71C-43EE-8132-C14C58A52360",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "9A4E9538-EFB8-4181-A48B-D9B09F124B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9ECBAE12-DD16-476C-A2F1-2DF5F334741D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96CB09A-9AB3-4360-ACFC-A917E7EEC460",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "6ED353C3-7BD1-4270-8D70-0B3D51C276E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AEA17444-10FA-4B93-A2D3-5D00151C12C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7B066A-5AF0-42AF-A341-A91802F588F1",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "206BCF6E-CEB7-4972-B321-ED3CAFD92E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "18F99AF2-8419-4ADC-9F46-D53C177BA50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0AF7BA-8673-4E69-ACEC-8C0DA8DD417B",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "107BB5B9-9C04-4C35-88AD-4D59ECD17778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5776089E-F9F4-4A0E-A169-FA1FC4DC6329",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42F4D9F3-BCBF-4990-B270-3592D69FCC22",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "B5FD9479-4FF2-412C-AB26-5F46FB354653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "499EA838-5310-4C1C-B9E7-2AB90ACEAA2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6AFD50-926C-4579-A951-4EFDCBA512F0",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "A7C9CFAA-87BB-4FFE-9191-0A662E58A2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "062596D1-4466-46B6-B6B6-4403675B6A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCFD02F-5884-4A96-957D-4CEEDB3826BE",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "B41E614E-708B-4793-B10A-E264AC128AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DF398D47-F670-4669-B0BC-9BD9DEC553AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E136FA9E-48A2-428C-9F0A-CD9DB7F91581",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "DA96F7C3-B9DA-4B14-8C69-05A8BC1C4FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3F62D2F9-2D33-4E3F-B641-C721CF34B5C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4194305-CCA6-4710-94AA-CE0304E1AA44",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "BC69FAB1-C862-470A-8CBF-BB8751485611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8FD54572-2C29-4D2E-B15A-DE3A16D8E3CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF412BE-51E7-4839-B5D3-C4B29DD550CE",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "97239F61-5715-476B-BD20-B40746AAFE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FA798B77-D4B4-4F21-A543-A6C5AAD7878F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D84DDB81-DE66-4427-8833-633B45A45A14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DA2CD9-A82D-4E08-AE79-360E353B5B21",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "1C2309AF-4FDB-4564-B2C4-B7BA67F1DA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8A04A40D-7093-49E3-A7A7-8C6F148F460F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F11F36C-60DB-4D81-A320-53EEE43758C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F73FA6-BD2F-470A-B0D7-AB1C0F210000",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "4C76684E-0F6D-4D89-8E59-343988366E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "14613F31-56A0-4F5B-9E1A-F316A4508F3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687AD63E-69C0-4D43-AFBB-B67605A4C44B",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "02C8DD42-9023-43B9-8B8B-BF9CC79E27E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8B7249A0-0AE1-4C01-BF04-BD8BA385C84D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n de notificaci\u00f3n en las versiones de firmware de la serie Zyxel ATP 4.60 a 5.36 Parche 1, versiones de firmware de la serie USG FLEX 4.60 a 5.36 Parche 1, versiones de firmware USG FLEX 50(W) 4.60 a 5.36 Parche 1, USG20(W)- Las versiones de firmware VPN 4.60 a 5.36, parche 1, las versiones de firmware de la serie VPN 4.60 a 5.36, parche 1, las versiones de firmware de la serie ZyWALL/USG 4.60 a 4.73, parche 1, podr\u00edan permitir que un atacante no autenticado provoque condiciones de denegaci\u00f3n de servicio (DoS) e incluso un ejecuci\u00f3n remota de c\u00f3digo en un dispositivo afectado."
}
],
"id": "CVE-2023-33009",
"lastModified": "2025-10-27T17:04:58.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-05-24T13:15:09.560",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-33010
Vulnerability from fkie_nvd - Published: 2023-05-24 13:15 - Updated: 2025-10-27 17:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
References
Impacted products
{
"cisaActionDue": "2023-06-26",
"cisaExploitAdd": "2023-06-05",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "C5813B69-C1A3-4695-8B63-17994BBA1723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B61DE8A9-6A73-45EF-8C37-39138F39168A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "49FF3D01-C9AA-452C-A079-3180DC8DB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8ABED29D-8074-46AB-8A0F-759B0653691B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "9801F3AB-4560-44AA-934F-0A6D31F46195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2A0E5B17-00E0-4CB0-9787-D6A8C8E1E0BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "3CBAF763-195F-4B36-A450-719931B86650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4CB974EC-859A-4B74-8A60-98A5406E8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "F4CF847A-A858-43A6-B35B-91455682E382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9BE980D6-9D39-41B9-A35C-1879B72F4146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "BA1C872C-9192-410D-86F1-55CDF07DE77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "EECC0FB9-DED8-4ACF-A627-0537F3EE8C65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "DA9E3C5E-9447-40D2-9036-6097FF433433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "12F0F5D8-AC3F-4485-A013-5109FB796FF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "EF66A8A2-EE45-43ED-8F5A-FF488AC39943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "F185DD94-DDA0-4B37-BADE-8468BA08CC02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "23E7810E-370E-4405-B7A2-C988511BE7B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8571FFB9-A90D-4EBD-87C0-F5119D142CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "46E17CE0-8EA7-4188-B3E7-DBD1D30C8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C3D2B551-E080-4F75-A0C7-30D9E684EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "9A4E9538-EFB8-4181-A48B-D9B09F124B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9ECBAE12-DD16-476C-A2F1-2DF5F334741D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "6ED353C3-7BD1-4270-8D70-0B3D51C276E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AEA17444-10FA-4B93-A2D3-5D00151C12C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0751B297-FB9F-4F44-BF19-1C7668B8B757",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "206BCF6E-CEB7-4972-B321-ED3CAFD92E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "18F99AF2-8419-4ADC-9F46-D53C177BA50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "107BB5B9-9C04-4C35-88AD-4D59ECD17778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5776089E-F9F4-4A0E-A169-FA1FC4DC6329",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "B5FD9479-4FF2-412C-AB26-5F46FB354653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "499EA838-5310-4C1C-B9E7-2AB90ACEAA2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "A7C9CFAA-87BB-4FFE-9191-0A662E58A2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "062596D1-4466-46B6-B6B6-4403675B6A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "B41E614E-708B-4793-B10A-E264AC128AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DF398D47-F670-4669-B0BC-9BD9DEC553AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "DA96F7C3-B9DA-4B14-8C69-05A8BC1C4FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3F62D2F9-2D33-4E3F-B641-C721CF34B5C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:-:*:*:*:*:*:*",
"matchCriteriaId": "BC69FAB1-C862-470A-8CBF-BB8751485611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8FD54572-2C29-4D2E-B15A-DE3A16D8E3CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24F44F62-BE75-45DE-9160-E807F6789BE1",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "97239F61-5715-476B-BD20-B40746AAFE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FA798B77-D4B4-4F21-A543-A6C5AAD7878F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D84DDB81-DE66-4427-8833-633B45A45A14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C7AA79-C28C-4075-B420-FE41D106D6C6",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "1C2309AF-4FDB-4564-B2C4-B7BA67F1DA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8A04A40D-7093-49E3-A7A7-8C6F148F460F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F11F36C-60DB-4D81-A320-53EEE43758C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "560B1BFF-DB43-426C-A3B9-BF9A595EA62F",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "4C76684E-0F6D-4D89-8E59-343988366E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "14613F31-56A0-4F5B-9E1A-F316A4508F3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3208CBB7-A4A2-4D92-9A40-766328C0CE4E",
"versionEndExcluding": "4.73",
"versionStartIncluding": "4.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "02C8DD42-9023-43B9-8B8B-BF9CC79E27E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8B7249A0-0AE1-4C01-BF04-BD8BA385C84D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device."
}
],
"id": "CVE-2023-33010",
"lastModified": "2025-10-27T17:04:54.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-24T13:15:09.640",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-22918
Vulnerability from fkie_nvd - Published: 2023-04-24 18:15 - Updated: 2024-11-21 07:45
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D65F0EC-7ACA-4B80-8D4E-2C1459837D15",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F61480ED-BBF0-49EC-A814-CEFDE1FBFA08",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85AA4E30-0A0E-4353-B88D-A856B83162DF",
"versionEndIncluding": "6.28\\(abfa.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80AE2CEA-90AC-421A-86BB-F404CDE7785D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36AD6F34-B17E-4853-9375-62B51DE5F1D2",
"versionEndIncluding": "6.28\\(abex.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BF5D4C-DB8E-4077-BE78-C73AA203406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49E8EA12-187E-402B-866A-9125B2287292",
"versionEndIncluding": "6.28\\(abey.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCEC13E-3D1C-4B42-87F5-94FE1066C218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58E64F26-5465-4BD8-A948-39022B5AAA52",
"versionEndIncluding": "6.50\\(abtg.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa1123-ac_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DEEFBF-DD32-40E5-A431-BE6A93D529A4",
"versionEndIncluding": "6.25\\(abin.9\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123-ac_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0FB576-76A2-4A25-979E-5E5B3BF5C636",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3448A074-A9B8-40BD-8DFA-E7097E402750",
"versionEndIncluding": "6.28\\(abhd.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC66B07-67FB-47F6-B54B-E40BE89F33A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC6F464-DAE9-42CE-9339-C5E35B90B17B",
"versionEndIncluding": "6.50\\(abvt.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE46E92-D9DD-439C-BD41-88738FA652B7",
"versionEndIncluding": "6.50\\(abtd.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DECB1230-D22C-4FBD-909C-6315B66B189D",
"versionEndIncluding": "6.50\\(acco.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B73F329-98E5-496F-BE38-47DD023DCB64",
"versionEndIncluding": "6.55\\(acge.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5804045-E32E-40E0-B42E-80755C385974",
"versionEndIncluding": "6.50\\(acge.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa5123-ac_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "881C0001-B6CA-409D-8901-653227098219",
"versionEndIncluding": "6.25\\(abim.9\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa5123-ac_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85300F-9207-438C-A149-80FC7C6C0746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4484EA94-3E1D-4DA8-B612-A35D50DC1103",
"versionEndIncluding": "6.29\\(abzl.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D091EB4-A1FC-4E5F-AEE2-6EF879DC5B0A",
"versionEndIncluding": "6.29\\(accv.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4FF6556-2B10-4A8C-9325-0A6D4B41E529",
"versionEndIncluding": "6.50\\(acgf.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D277464-AF76-4799-9B71-E96CB12BE0C0",
"versionEndIncluding": "6.50\\(abvs.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57DFDE05-C95F-446B-BA97-98EBA11C9794",
"versionEndIncluding": "6.50\\(abwa.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84A8FBD7-8461-474E-AFB1-BCAE24D4A2CD",
"versionEndIncluding": "6.25\\(abvz.9\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A690501F-DC2D-4F90-ABC0-33B5F1279C36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF539FD-EDEA-4D37-8F1C-267884A617EF",
"versionEndIncluding": "6.28\\(aaxh.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "341DB051-7F01-4B36-BA15-EBC25FACB439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "622C2163-0B2F-4A32-B5C4-4111B8EC9096",
"versionEndIncluding": "6.25\\(abgl.9\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A929856C-58D2-41AB-9EAC-E655123FD4FE",
"versionEndIncluding": "6.28\\(aasd.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8842C8-FB0A-46F0-9BB4-CAC6334D1E51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB36BF49-E31B-4F35-84B9-3EF20989FE2A",
"versionEndIncluding": "6.28\\(aase.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD108388-ABE5-4142-910F-C3C8B1C13617",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA23320-A0E2-4A63-A20A-1F5FD7504C5F",
"versionEndIncluding": "6.28\\(aasf.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E49B6FA1-4FCE-4802-8FCA-988048D9A595",
"versionEndIncluding": "6.28\\(abio.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD47738A-9001-4CC1-8FED-1D1CFC56F548",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac6553d-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD253268-2B7D-43BF-86BD-E603A52FD98A",
"versionEndIncluding": "6.28\\(aasg.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6553d-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55273BCE-4F2C-4ED9-9FCB-D1197555BD53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C89819-CCB6-42A0-8045-850D544D1BBA",
"versionEndIncluding": "6.50\\(abtf.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA21E78C-585A-4689-96B7-18C5DB44D2DE",
"versionEndIncluding": "6.50\\(abte.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B470158-EE21-45EB-BDEC-5396DE9CB23C",
"versionEndIncluding": "6.50\\(accn.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43DD5397-02A9-40DD-BD02-052095CB8DDB",
"versionEndIncluding": "6.50\\(abzd.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F946BABC-A982-4625-AD9F-962C6FBDFDE9",
"versionEndIncluding": "6.50\\(accm.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2260165C-2483-4F48-8E70-DC82B5DA1554",
"versionEndIncluding": "6.50\\(abrm.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B0AE56-107B-41E2-A06A-BC8DC0A32FE7",
"versionEndIncluding": "6.50\\(acdo.2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."
}
],
"id": "CVE-2023-22918",
"lastModified": "2024-11-21T07:45:38.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-24T18:15:09.027",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27991
Vulnerability from fkie_nvd - Published: 2023-04-24 18:15 - Updated: 2024-11-21 07:53
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | atp200_firmware | * | |
| zyxel | atp200 | - | |
| zyxel | atp100_firmware | * | |
| zyxel | atp100 | - | |
| zyxel | atp700_firmware | * | |
| zyxel | atp700 | - | |
| zyxel | atp500_firmware | * | |
| zyxel | atp500 | - | |
| zyxel | atp100w_firmware | * | |
| zyxel | atp100w | - | |
| zyxel | atp800_firmware | * | |
| zyxel | atp800 | - | |
| zyxel | usg_flex_100_firmware | * | |
| zyxel | usg_flex_100 | - | |
| zyxel | usg_flex_50_firmware | * | |
| zyxel | usg_flex_50 | - | |
| zyxel | usg_flex_200_firmware | * | |
| zyxel | usg_flex_200 | - | |
| zyxel | usg_flex_500_firmware | * | |
| zyxel | usg_flex_500 | - | |
| zyxel | usg_flex_700_firmware | * | |
| zyxel | usg_flex_700 | - | |
| zyxel | usg_flex_100w_firmware | * | |
| zyxel | usg_flex_100w | - | |
| zyxel | usg_20w-vpn_firmware | * | |
| zyxel | usg_20w-vpn | - | |
| zyxel | usg_flex_50w_firmware | * | |
| zyxel | usg_flex_50w | - | |
| zyxel | usg20-vpn_firmware | * | |
| zyxel | usg20-vpn | - | |
| zyxel | vpn100_firmware | * | |
| zyxel | vpn100 | - | |
| zyxel | vpn1000_firmware | * | |
| zyxel | vpn1000 | - | |
| zyxel | vpn300_firmware | * | |
| zyxel | vpn300 | - | |
| zyxel | vpn50_firmware | * | |
| zyxel | vpn50 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D65F0EC-7ACA-4B80-8D4E-2C1459837D15",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F61480ED-BBF0-49EC-A814-CEFDE1FBFA08",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely."
}
],
"id": "CVE-2023-27991",
"lastModified": "2024-11-21T07:53:53.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-24T18:15:09.497",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27990
Vulnerability from fkie_nvd - Published: 2023-04-24 18:15 - Updated: 2024-11-21 07:53
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | atp200_firmware | * | |
| zyxel | atp200 | - | |
| zyxel | atp100_firmware | * | |
| zyxel | atp100 | - | |
| zyxel | atp700_firmware | * | |
| zyxel | atp700 | - | |
| zyxel | atp500_firmware | * | |
| zyxel | atp500 | - | |
| zyxel | atp100w_firmware | * | |
| zyxel | atp100w | - | |
| zyxel | atp800_firmware | * | |
| zyxel | atp800 | - | |
| zyxel | usg_flex_100_firmware | * | |
| zyxel | usg_flex_100 | - | |
| zyxel | usg_flex_50_firmware | * | |
| zyxel | usg_flex_50 | - | |
| zyxel | usg_flex_200_firmware | * | |
| zyxel | usg_flex_200 | - | |
| zyxel | usg_flex_500_firmware | * | |
| zyxel | usg_flex_500 | - | |
| zyxel | usg_flex_700_firmware | * | |
| zyxel | usg_flex_700 | - | |
| zyxel | usg_flex_100w_firmware | * | |
| zyxel | usg_flex_100w | - | |
| zyxel | usg_20w-vpn_firmware | * | |
| zyxel | usg_20w-vpn | - | |
| zyxel | usg_flex_50w_firmware | * | |
| zyxel | usg_flex_50w | - | |
| zyxel | usg20-vpn_firmware | * | |
| zyxel | usg20-vpn | - | |
| zyxel | vpn100_firmware | * | |
| zyxel | vpn100 | - | |
| zyxel | vpn1000_firmware | * | |
| zyxel | vpn1000 | - | |
| zyxel | vpn300_firmware | * | |
| zyxel | vpn300 | - | |
| zyxel | vpn50_firmware | * | |
| zyxel | vpn50 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D65F0EC-7ACA-4B80-8D4E-2C1459837D15",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F61480ED-BBF0-49EC-A814-CEFDE1FBFA08",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1",
"versionEndExcluding": "5.36",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.\n\n"
}
],
"id": "CVE-2023-27990",
"lastModified": "2024-11-21T07:53:53.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-24T18:15:09.440",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-38547
Vulnerability from fkie_nvd - Published: 2023-02-07 02:15 - Updated: 2024-11-21 07:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EE6E9E-25BA-4F9A-B13A-9A4A405E24DC",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35945749-7707-4057-A23C-F69615D78C9D",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA692134-7730-4518-9CB1-BDAE32578EA7",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A202967-379D-41C2-AF18-C287CD075677",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "467CC4CE-B69F-4341-B35B-293C36BEC8F1",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84116343-9050-47AD-8C5D-6C69247BAE98",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A27B3207-D9E6-418D-AD64-A578E4DE77E6",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7108742C-1064-4657-9932-87BDBE1E2AC5",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA8914D-F868-4ECC-B110-FCA5C3C9EBA5",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55177D6F-BD50-49EE-B8F8-2AFB3D2B0FFC",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3ACF88-2143-4D19-8C64-64170DC1771B",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26CCE16-5719-4B2D-AC1D-AD2354A61046",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "879037A2-5CCF-44C5-9B70-DA8E79AD3343",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD415B02-D7C2-4C23-B0EF-2E13DFF5CFD1",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9026D87-7D08-46D7-A9A6-6758FA7A5D0D",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1071A736-AE03-4C49-9F19-4E7B77E31C3E",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A625626B-2E60-4D54-A4FC-80B7C59EAC7A",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "509B75A6-B827-4328-B9F8-C0828279A29E",
"versionEndIncluding": "5.32",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F486DCF-02EB-49DC-862A-3CE9B55D8210",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94A7F2DF-F22C-49DA-9563-BAFD59011B70",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36CDEEE3-8284-4759-9B23-72989BBABBDD",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "149EABE0-AAB1-41C2-9A34-2C25650B83BF",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFEBB3B-F29D-4EE7-9ECE-F7711783A0EF",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8BE4050-32D8-4306-A668-14F3CC8169EC",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCCCD01-5009-48B3-9484-925D5436C6D9",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en el comando CLI de las versiones de firmware de la serie Zyxel ZyWALL/USG 4.20 a 4.72, las versiones de firmware de la serie VPN 4.30 a 5.32, las versiones de firmware de la serie USG FLEX 4.50 a 5.32 y las versiones de firmware de la serie ATP 4.32 a 5.32, que podr\u00eda permitir que un atacante autenticado con privilegios de administrador ejecute comandos del sistema operativo."
}
],
"id": "CVE-2022-38547",
"lastModified": "2024-11-21T07:16:39.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-07T02:15:07.883",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30526
Vulnerability from fkie_nvd - Published: 2022-07-19 06:15 - Updated: 2024-11-21 07:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "168114AC-C949-4CA5-B4B4-BF9FB5890DA2",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFADF80-716E-4000-93D4-0CB3B277BA25",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FABAFF3-61E8-4C97-BEFE-1D68788167FB",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C293BE-791E-4D1C-8E72-9E0464444274",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5094FAF7-6D9A-44EF-B779-86468D82B03C",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF21C51-050F-4B01-9618-60919AEFEC6A",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A72101-97B4-4770-A6F7-D25B3A0AE45E",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "650D7D9B-65A7-4949-9F6C-9A3B7BDD17F5",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C376DD7-8378-42BE-92F1-872500E882D4",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DC83BF-6F99-4345-BE51-4FB93F38FD21",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E464C22-5D8C-4D85-9F65-8485972C3524",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A44B6A-B1BC-481F-9D08-61E50F58EB1A",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBB154D-46EB-4D97-B5F4-01ADA359C5AC",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0BC145-7EF2-4B13-BE26-A567EEF06613",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75627990-29D4-40F3-8E66-975F1898B6D5",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F357DD8-0C9E-418E-98B4-0F1292AA7176",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "352F3388-9107-4B41-AAD8-D11965D78240",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1F7BCE-342F-4847-BB89-2B47384A54C9",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FBACC4-A37C-4023-A656-F3428A74D542",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C3F76A-6963-4B2F-AAF4-9E3BBB0627D6",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61ED5800-D09B-4953-AB0F-65AE3EF33C57",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E65AC2-F493-4E10-924B-3F5D5FE2B6FF",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "611A3CB1-D0ED-4B4E-A28E-D69ED31035DF",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D546A4A3-130F-439C-9C28-8D18870F0A58",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED1826F-286E-4795-87C4-6FFD997BDB46",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de escalada de privilegios en el comando CLI del firmware Zyxel USG FLEX 100(W) versiones 4.50 a 5.30, firmware USG FLEX 200 versiones 4.50 a 5.30, firmware USG FLEX 500 versiones 4.50 a 5.30, firmware USG FLEX 700 versiones 4.50 a 5.30, firmware USG FLEX 50(W) versiones 4.16 a 5. 30, firmware USG20(W)-VPN versiones 4.16 a 5.30, firmware de la serie ATP versiones 4.32 a 5.30, firmware de la serie VPN versiones 4.30 a 5.30, firmware de la serie USG/ZyWALL versiones 4.09 a 4.72, lo que podr\u00eda permitir a un atacante local ejecutar algunos comandos del sistema operativo con privilegios de root en algunos directorios de un dispositivo vulnerable."
}
],
"id": "CVE-2022-30526",
"lastModified": "2024-11-21T07:02:52.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-19T06:15:08.827",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
},
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2030
Vulnerability from fkie_nvd - Published: 2022-07-19 06:15 - Updated: 2024-11-21 07:00
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "168114AC-C949-4CA5-B4B4-BF9FB5890DA2",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFADF80-716E-4000-93D4-0CB3B277BA25",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FABAFF3-61E8-4C97-BEFE-1D68788167FB",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C293BE-791E-4D1C-8E72-9E0464444274",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C9ECE5-14ED-4B0C-B4FF-F00E35A9AFF0",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F666507D-EE3E-493A-9DF5-D7773305985D",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A72101-97B4-4770-A6F7-D25B3A0AE45E",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "650D7D9B-65A7-4949-9F6C-9A3B7BDD17F5",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C376DD7-8378-42BE-92F1-872500E882D4",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DC83BF-6F99-4345-BE51-4FB93F38FD21",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E464C22-5D8C-4D85-9F65-8485972C3524",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A44B6A-B1BC-481F-9D08-61E50F58EB1A",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBB154D-46EB-4D97-B5F4-01ADA359C5AC",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0BC145-7EF2-4B13-BE26-A567EEF06613",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75627990-29D4-40F3-8E66-975F1898B6D5",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F357DD8-0C9E-418E-98B4-0F1292AA7176",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "352F3388-9107-4B41-AAD8-D11965D78240",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1F7BCE-342F-4847-BB89-2B47384A54C9",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FBACC4-A37C-4023-A656-F3428A74D542",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C3F76A-6963-4B2F-AAF4-9E3BBB0627D6",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61ED5800-D09B-4953-AB0F-65AE3EF33C57",
"versionEndIncluding": "5.30",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F486DCF-02EB-49DC-862A-3CE9B55D8210",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94A7F2DF-F22C-49DA-9563-BAFD59011B70",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36CDEEE3-8284-4759-9B23-72989BBABBDD",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "149EABE0-AAB1-41C2-9A34-2C25650B83BF",
"versionEndIncluding": "4.72",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de salto de directorio causada por secuencias de caracteres espec\u00edficas dentro de una URL saneada inapropiadamente en algunos programas CGI de las versiones 4.50 a 5.30 del firmware Zyxel USG FLEX 100(W), versiones 4.50 a 5.30 del firmware USG FLEX 200, versiones 4.50 a 5.30 del firmware USG FLEX 500, versiones 4.50 a 5.30 del firmware USG FLEX 700. 30, firmware USG FLEX 50(W) versiones 4.16 a 5.30, firmware USG20(W)-VPN versiones 4.16 a 5.30, firmware de la serie ATP versiones 4.32 a 5.30, firmware de la serie VPN versiones 4.30 a 5.30, firmware de la serie USG/ZyWALL versiones 4.11 a 4.72, que podr\u00eda permitir a un atacante autenticado acceder a algunos archivos restringidos en un dispositivo vulnerable.\n"
}
],
"id": "CVE-2022-2030",
"lastModified": "2024-11-21T07:00:12.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-19T06:15:08.383",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-6764 (GCVE-0-2023-6764)
Vulnerability from cvelistv5 – Published: 2024-02-20 02:14 – Updated: 2024-08-02 08:42
VLAI?
Summary
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
Severity ?
8.1 (High)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
version 4.32 through 5.37 Patch 1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atp_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.50",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_50w_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.16",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_20w-vpn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_20w-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.16",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T05:01:05.440386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:53:09.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.32 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.50 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T02:14:09.814Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-6764",
"datePublished": "2024-02-20T02:14:09.814Z",
"dateReserved": "2023-12-13T08:39:31.993Z",
"dateUpdated": "2024-08-02T08:42:07.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6399 (GCVE-0-2023-6399)
Vulnerability from cvelistv5 – Published: 2024-02-20 01:42 – Updated: 2024-08-02 08:28
VLAI?
Summary
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
Severity ?
5.7 (Medium)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
version 4.32 through 5.37 Patch 1
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:30:36.983773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:43.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.32 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.50 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": " USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX H series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 1.10 through 1.10 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u0026nbsp;USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
}
],
"value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T09:20:18.921Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-6399",
"datePublished": "2024-02-20T01:42:21.027Z",
"dateReserved": "2023-11-30T07:58:19.503Z",
"dateUpdated": "2024-08-02T08:28:21.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6398 (GCVE-0-2023-6398)
Vulnerability from cvelistv5 – Published: 2024-02-20 01:34 – Updated: 2024-08-25 15:46
VLAI?
Summary
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,
NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
version 4.32 through 5.37 Patch 1
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atp800_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37_patch1",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_700_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "5.37_patch1",
"status": "affected",
"version": "4.50",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nwa50ax_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nwa50ax_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.29\\(abyw.4\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wac500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wac500_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.70\\(abvs.1\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wax300h_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.70\\(achf.1\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wbe660s_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.70\\(acgg.1\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_20w-vpn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_20w-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37_patch1",
"status": "affected",
"version": "4.16",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T05:01:04.429989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-25T15:46:49.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.32 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.50 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": " version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": " NWA50AX firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.29(ABYW.4)"
}
]
},
{
"defaultStatus": "unaffected",
"product": " WAC500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.70(ABVS.1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAX300H firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.70(ACHF.1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WBE660S firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.70(ACGG.1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX H series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 1.10 through 1.10 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, \n\nUSG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,\n\nNWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
}
],
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, \n\nUSG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,\n\nNWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T09:17:30.230Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-6398",
"datePublished": "2024-02-20T01:34:32.229Z",
"dateReserved": "2023-11-30T07:58:16.356Z",
"dateUpdated": "2024-08-25T15:46:49.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33009 (GCVE-0-2023-33009)
Vulnerability from cvelistv5 – Published: 2023-05-24 00:00 – Updated: 2025-10-21 23:05
VLAI?
Summary
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.60 through 5.36 Patch 1
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33009",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:14:56.233928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33009 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T06:17:00.675Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33009",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33010 (GCVE-0-2023-33010)
Vulnerability from cvelistv5 – Published: 2023-05-24 00:00 – Updated: 2025-10-21 23:05
VLAI?
Summary
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.36 Patch 1
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33010",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:00:52.460065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33010 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.36 Patch 1"
}
]
},
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33010",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27991 (GCVE-0-2023-27991)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:47
VLAI?
Summary
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.35
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:47:50.878412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:47:55.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.35"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.35"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-27991",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-03-09T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:47:55.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22918 (GCVE-0-2023-22918)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-12 16:01
VLAI?
Summary
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.
Severity ?
6.5 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.35
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:34:08.539867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:01:35.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.35"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.35"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.35"
}
]
},
{
"product": "NWA110AX firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.50(ABTG.2)"
}
]
},
{
"product": "WAC500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.50(ABVS.0)"
}
]
},
{
"product": "WAX510D firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.50(ABTF.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-22918",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-01-10T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:01:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27990 (GCVE-0-2023-27990)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2024-08-02 12:23
VLAI?
Summary
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.35
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe cross-site scripting (\u003c/span\u003eXSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.\u003c/p\u003e"
}
],
"value": "The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:45:53.586Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-27990",
"datePublished": "2023-04-24T00:00:00",
"dateReserved": "2023-03-09T00:00:00",
"dateUpdated": "2024-08-02T12:23:30.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38547 (GCVE-0-2022-38547)
Vulnerability from cvelistv5 – Published: 2023-02-07 00:00 – Updated: 2025-03-25 15:39
VLAI?
Summary
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ZyWALL/USG series firmware |
Affected:
4.20 through 4.72
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:04.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T15:39:35.477790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:39:42.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.20 through 4.72"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.32"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.32"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-38547",
"datePublished": "2023-02-07T00:00:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-03-25T15:39:42.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2030 (GCVE-0-2022-2030)
Vulnerability from cvelistv5 – Published: 2022-07-19 05:55 – Updated: 2024-08-03 00:24
VLAI?
Summary
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | USG FLEX 100(W) firmware |
Affected:
4.50 through 5.30
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG FLEX 100(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.30"
}
]
},
{
"product": "USG FLEX 200 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.30"
}
]
},
{
"product": "USG FLEX 500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.30"
}
]
},
{
"product": "USG FLEX 700 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.30"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.30"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.30"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.30"
}
]
},
{
"product": "USG 20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.30"
}
]
},
{
"product": "USG/ZyWALL series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.11 through 4.72"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T05:55:11",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-2030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG FLEX 100(W) firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.30"
}
]
}
},
{
"product_name": "USG FLEX 200 firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.30"
}
]
}
},
{
"product_name": "USG FLEX 500 firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.30"
}
]
}
},
{
"product_name": "USG FLEX 700 firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.30"
}
]
}
},
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 5.30"
}
]
}
},
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
{
"version_value": "4.30 through 5.30"
}
]
}
},
{
"product_name": "USG FLEX 50(W) firmware",
"version": {
"version_data": [
{
"version_value": "4.16 through 5.30"
}
]
}
},
{
"product_name": "USG 20(W)-VPN firmware",
"version": {
"version_data": [
{
"version_value": "4.16 through 5.30"
}
]
}
},
{
"product_name": "USG/ZyWALL series firmware",
"version": {
"version_data": [
{
"version_value": "4.11 through 4.72"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-2030",
"datePublished": "2022-07-19T05:55:11",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6764 (GCVE-0-2023-6764)
Vulnerability from nvd – Published: 2024-02-20 02:14 – Updated: 2024-08-02 08:42
VLAI?
Summary
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
Severity ?
8.1 (High)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
version 4.32 through 5.37 Patch 1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atp_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.50",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_50w_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.16",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_20w-vpn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_20w-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37patch1",
"status": "affected",
"version": "4.16",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T05:01:05.440386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:53:09.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.32 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.50 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T02:14:09.814Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-6764",
"datePublished": "2024-02-20T02:14:09.814Z",
"dateReserved": "2023-12-13T08:39:31.993Z",
"dateUpdated": "2024-08-02T08:42:07.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6399 (GCVE-0-2023-6399)
Vulnerability from nvd – Published: 2024-02-20 01:42 – Updated: 2024-08-02 08:28
VLAI?
Summary
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
Severity ?
5.7 (Medium)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
version 4.32 through 5.37 Patch 1
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:30:36.983773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:43.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.32 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.50 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": " USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX H series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 1.10 through 1.10 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u0026nbsp;USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
}
],
"value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T09:20:18.921Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-6399",
"datePublished": "2024-02-20T01:42:21.027Z",
"dateReserved": "2023-11-30T07:58:19.503Z",
"dateUpdated": "2024-08-02T08:28:21.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6398 (GCVE-0-2023-6398)
Vulnerability from nvd – Published: 2024-02-20 01:34 – Updated: 2024-08-25 15:46
VLAI?
Summary
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,
NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
version 4.32 through 5.37 Patch 1
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atp800_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37_patch1",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_700_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "5.37_patch1",
"status": "affected",
"version": "4.50",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nwa50ax_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nwa50ax_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.29\\(abyw.4\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wac500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wac500_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.70\\(abvs.1\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wax300h_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.70\\(achf.1\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wbe660s_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "6.70\\(acgg.1\\)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_20w-vpn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_20w-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.37_patch1",
"status": "affected",
"version": "4.16",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T05:01:04.429989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-25T15:46:49.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.32 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.50 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": " version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 4.16 through 5.37 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": " NWA50AX firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.29(ABYW.4)"
}
]
},
{
"defaultStatus": "unaffected",
"product": " WAC500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.70(ABVS.1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAX300H firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.70(ACHF.1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WBE660S firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.70(ACGG.1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX H series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version 1.10 through 1.10 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, \n\nUSG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,\n\nNWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
}
],
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, \n\nUSG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,\n\nNWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T09:17:30.230Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-6398",
"datePublished": "2024-02-20T01:34:32.229Z",
"dateReserved": "2023-11-30T07:58:16.356Z",
"dateUpdated": "2024-08-25T15:46:49.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33009 (GCVE-0-2023-33009)
Vulnerability from nvd – Published: 2023-05-24 00:00 – Updated: 2025-10-21 23:05
VLAI?
Summary
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.60 through 5.36 Patch 1
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33009",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:14:56.233928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33009 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T06:17:00.675Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33009",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33010 (GCVE-0-2023-33010)
Vulnerability from nvd – Published: 2023-05-24 00:00 – Updated: 2025-10-21 23:05
VLAI?
Summary
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.36 Patch 1
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33010",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:00:52.460065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33010 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.36 Patch 1"
}
]
},
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33010",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27991 (GCVE-0-2023-27991)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:47
VLAI?
Summary
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.35
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:47:50.878412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:47:55.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.35"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.35"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-27991",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-03-09T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:47:55.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22918 (GCVE-0-2023-22918)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-12 16:01
VLAI?
Summary
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.
Severity ?
6.5 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.35
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:34:08.539867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:01:35.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.35"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.35"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.35"
}
]
},
{
"product": "NWA110AX firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.50(ABTG.2)"
}
]
},
{
"product": "WAC500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.50(ABVS.0)"
}
]
},
{
"product": "WAX510D firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.50(ABTF.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-22918",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-01-10T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:01:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27990 (GCVE-0-2023-27990)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2024-08-02 12:23
VLAI?
Summary
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.35
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe cross-site scripting (\u003c/span\u003eXSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.\u003c/p\u003e"
}
],
"value": "The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:45:53.586Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-27990",
"datePublished": "2023-04-24T00:00:00",
"dateReserved": "2023-03-09T00:00:00",
"dateUpdated": "2024-08-02T12:23:30.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38547 (GCVE-0-2022-38547)
Vulnerability from nvd – Published: 2023-02-07 00:00 – Updated: 2025-03-25 15:39
VLAI?
Summary
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ZyWALL/USG series firmware |
Affected:
4.20 through 4.72
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:04.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T15:39:35.477790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:39:42.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.20 through 4.72"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.32"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.32"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-38547",
"datePublished": "2023-02-07T00:00:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-03-25T15:39:42.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}