Vulnerabilities related to zyxel - zywall_vpn50
Vulnerability from fkie_nvd
Published
2023-07-17 18:15
Modified
2024-11-21 08:06
Summary
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon. Note: the CPE match criteria in the record below start the usg_flex_50 and usg_flex_50w firmware ranges at 4.50 rather than the 4.16 stated here, so CPE-based scanning may not flag builds earlier than 4.50 on those models; confirm the affected range against the vendor advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4043DC00-98EF-4E09-9A39-D9739E6E521F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50222136-295B-434C-B5D1-A96A16386EEE",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16DE9EA8-98AB-4EAA-AA98-122F64F8D4D2",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B221F5CD-C0C6-4917-AC15-FF1BA3904915",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "338384D8-1585-4AA7-90FB-E56F641E5A14",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "23441FD0-F61A-4421-9F4D-E29565D3A83F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "91CE19A7-74FC-4ACE-9048-8CECE8B26FDA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DA7E90A-3449-4227-AFFC-8795391B5A03",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2B0B676-B7EA-46A0-810D-952F0DA19529",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8C4466-2347-44B8-B203-464F8A019B74",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "900FD6A2-3B4A-45FF-8C19-1CD23F79C631",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90DDFD00-8BF4-457C-946C-0BA94C505082",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83846539-9C22-4697-AC89-3910B8526B55",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F8AAB27-285D-407C-9177-BA1FB6B1D689",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECE9337E-37DC-416B-B311-C79B0315AE87",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77E31983-F7D5-4577-BFB1-64CD17D3DDAF",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFADD089-824D-43AA-8AE0-C571C7DE29B1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48F7450B-74ED-423D-B5C9-CD08DE85C72D",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "075CD289-4377-4E6F-AE41-671DFBB2DEB4",
                     versionEndIncluding: "6.10\\(aaig.3\\)",
                     versionStartIncluding: "6.10\\(aaig.0\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BADED427-DEFF-4213-836B-C8EF0531C39A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5296D40F-B269-43D6-9D3B-D9FC18921FBA",
                     versionEndIncluding: "6.10\\(aaos.4\\)",
                     versionStartIncluding: "6.10\\(aaos.0\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A334B8B-8750-4519-B485-0AB0CECD212B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.",
      },
   ],
   id: "CVE-2023-34140",
   lastModified: "2024-11-21T08:06:38.010",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "security@zyxel.com.tw",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T18:15:09.667",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 18:15
Modified
2024-11-21 08:06
Summary
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A4A637-C466-4F24-AAA6-CE57AF2EF1A4",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16DE9EA8-98AB-4EAA-AA98-122F64F8D4D2",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B221F5CD-C0C6-4917-AC15-FF1BA3904915",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "338384D8-1585-4AA7-90FB-E56F641E5A14",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "241523CE-2712-4840-A672-E87564B40DE1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39AE79D4-ABE1-4FAF-9A15-942AF05B6749",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C429AFE-477E-4243-BAE8-2AB17BB5D9D8",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FC97DF9-7A02-4DA8-AA9F-0D4CE826E224",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FD857E4-B5C7-416B-AF9D-9E8A772E227E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4894CE6D-BE11-4249-830C-E10141C83D05",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5107841-343E-4776-9F84-90C13BBB736E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.",
      },
   ],
   id: "CVE-2023-34139",
   lastModified: "2024-11-21T08:06:37.840",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T18:15:09.607",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 18:15
Modified
2024-11-21 08:06
Summary
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4) could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding the attacker's IP address to the managed AP list in advance.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72763DA5-0150-49FB-A91C-688141B40510",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "369543A8-1D92-42AF-896D-30A38E02D8E5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3844EDBE-1FDA-48E0-9535-D81657E1820A",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B89E2F-9A44-4A02-9279-158CDAA787D5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6081F154-4A1E-4630-99BB-846B68F5B818",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428D392F-2427-4510-9185-AD9C1FC839A1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "614F4C95-8835-4A0A-B965-51FBD0289DE5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD16BDCE-428C-40B2-BE9E-593ED4C59819",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F253FB99-B7E9-4809-9E3A-F9964B6B3BD8",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7934D2B0-6F47-4621-B837-93F103C09BEF",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A6F6563-A53C-4910-AE9C-281C711264C8",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73256990-7CFC-42A3-9F60-7D6696C9CF83",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3CA4209-A74D-4BEA-BDB0-759F22766466",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF969BF-9E27-476A-B9B8-6AD726F7F66B",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BE49691-6313-4A82-BA93-5C7FE49E4E6E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6362D1C8-DD85-45E6-B6F0-BB9882FA0F19",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCC7F9D7-2688-4848-9B3F-60C35E66423E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E19C1F04-1F67-4502-B6E2-B7DA771E1ACA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D49F68-BCE2-432F-AC2B-1975F7BDBCE7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C380259A-B524-41EC-A733-805F617BA3E1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF3F62F3-0681-4150-8F89-B44708DE75ED",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11E3C89D-EEEC-449F-9783-91E0AE286223",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "075CD289-4377-4E6F-AE41-671DFBB2DEB4",
                     versionEndIncluding: "6.10\\(aaig.3\\)",
                     versionStartIncluding: "6.10\\(aaig.0\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BADED427-DEFF-4213-836B-C8EF0531C39A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5296D40F-B269-43D6-9D3B-D9FC18921FBA",
                     versionEndIncluding: "6.10\\(aaos.4\\)",
                     versionStartIncluding: "6.10\\(aaos.0\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A334B8B-8750-4519-B485-0AB0CECD212B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding the attacker's IP address to the managed AP list in advance.",
      },
   ],
   id: "CVE-2023-34141",
   lastModified: "2024-11-21T08:06:38.180",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T18:15:09.770",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 18:15
Modified
2024-11-21 08:06
Summary
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding the attacker's IP address to the list of trusted RADIUS clients in advance.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84E6FEEA-862C-4DCC-A96A-5525EC29CC39",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "025EF97A-491B-49BB-ACBF-AEF6660C5245",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B4C4323-E045-4DEB-9E03-E85EFD3DE2B2",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14F8731E-714C-48E7-9C3E-4CBF1238E930",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C4CCF83-32E5-456C-8560-1AD374FB008D",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87A3357C-B246-4C50-9B82-B02DFCE5A124",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "47323C1C-3C23-490F-839F-C171FE2B8605",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12FF6DF5-A9C5-4208-8A19-950FAB691EB3",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3045EBE1-0307-4CAA-8C76-78F1798C50DE",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B89B813-A851-4B33-ADA2-3392DB4DA76E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3FE7904-1F19-4D67-88F1-7F4383851BEC",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30150C71-D390-4E66-9DED-4F864A44242A",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFB78232-7354-44FB-BE44-C66B2274D640",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95D3591D-221B-4F16-B43D-D4645CA5B882",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72E87CE3-1E3E-4CC0-86F1-BD8B28D5B808",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C20159-55E5-4E47-A315-B871AC0E0DA6",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD47CB7C-EDE1-48B4-A217-1383C2AE523D",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97523A00-823A-482F-8BF3-05CFB3D560EC",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "20F94EA9-55C2-4E65-8811-227FC7F6F31E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "36EB91C1-B78A-4844-9794-C0D9DB6113E4",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8ACECEB8-939A-4CDF-AF3D-77090C38638F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD0DFC8F-B4DC-4272-A3C4-BD4D8E77137C",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "4.60",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding the attacker's IP address to the list of trusted RADIUS clients in advance.",
      },
   ],
   id: "CVE-2023-34138",
   lastModified: "2024-11-21T08:06:37.680",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T18:15:09.540",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 18:15
Modified
2024-11-21 08:04
Summary
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39637E53-C502-4377-BC9E-71E0962F7D6F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "369543A8-1D92-42AF-896D-30A38E02D8E5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3844EDBE-1FDA-48E0-9535-D81657E1820A",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B89E2F-9A44-4A02-9279-158CDAA787D5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6081F154-4A1E-4630-99BB-846B68F5B818",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428D392F-2427-4510-9185-AD9C1FC839A1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "614F4C95-8835-4A0A-B965-51FBD0289DE5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD16BDCE-428C-40B2-BE9E-593ED4C59819",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F253FB99-B7E9-4809-9E3A-F9964B6B3BD8",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BD13DCF-7B56-423B-BA54-E2CC2288E12E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDDD5813-1215-4047-8AA6-A286571A0475",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8B5F6AE-537A-4FFB-92AB-28AE2E1741FB",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D73608C-EB5F-44B6-BB11-6F7E4742E71E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51FA0FC-7803-4ECB-BFFB-839E585CD9CA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCC033D4-363E-4A00-AD9E-1D94D5060CB7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6362D1C8-DD85-45E6-B6F0-BB9882FA0F19",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCC7F9D7-2688-4848-9B3F-60C35E66423E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E19C1F04-1F67-4502-B6E2-B7DA771E1ACA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D49F68-BCE2-432F-AC2B-1975F7BDBCE7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C380259A-B524-41EC-A733-805F617BA3E1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF3F62F3-0681-4150-8F89-B44708DE75ED",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11E3C89D-EEEC-449F-9783-91E0AE286223",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.",
      },
   ],
   id: "CVE-2023-33012",
   lastModified: "2024-11-21T08:04:24.260",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T18:15:09.473",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-02 11:15
Modified
2024-11-21 06:11
Summary
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.
Impacted products
Vendor Product Version
zyxel usg1900_firmware *
zyxel usg1900 -
zyxel usg1100_firmware *
zyxel usg1100 -
zyxel usg310_firmware *
zyxel usg310 -
zyxel usg210_firmware *
zyxel usg210 -
zyxel usg110_firmware *
zyxel usg110 -
zyxel usg40_firmware *
zyxel usg40 -
zyxel usg40w_firmware *
zyxel usg40w -
zyxel usg60_firmware *
zyxel usg60 -
zyxel usg60w_firmware *
zyxel usg60w -
zyxel usg300_firmware *
zyxel usg300 -
zyxel usg1000_firmware *
zyxel usg1000 -
zyxel usg2000_firmware *
zyxel usg2000 -
zyxel usg20_firmware *
zyxel usg20 -
zyxel usg20w_firmware *
zyxel usg20w -
zyxel usg50_firmware *
zyxel usg50 -
zyxel usg100_firmware *
zyxel usg100 -
zyxel usg200_firmware *
zyxel usg200 -
zyxel usg_flex_100_firmware *
zyxel usg_flex_100 -
zyxel usg_flex_200_firmware *
zyxel usg_flex_200 -
zyxel usg_flex_500_firmware *
zyxel usg_flex_500 -
zyxel usg_flex_100w_firmware *
zyxel usg_flex_100w -
zyxel usg_flex_700_firmware *
zyxel usg_flex_700 -
zyxel zywall_atp100_firmware *
zyxel zywall_atp100 -
zyxel zywall_atp100w_firmware *
zyxel zywall_atp100w -
zyxel zywall_atp200_firmware *
zyxel zywall_atp200 -
zyxel zywall_atp500_firmware *
zyxel zywall_atp500 -
zyxel zywall_atp700_firmware *
zyxel zywall_atp700 -
zyxel zywall_atp800_firmware *
zyxel zywall_atp800 -
zyxel zywall_vpn50_firmware *
zyxel zywall_vpn50 -
zyxel zywall_vpn100_firmware *
zyxel zywall_vpn100 -
zyxel zywall_vpn300_firmware *
zyxel zywall_vpn300 -
zyxel usg20-vpn_firmware *
zyxel usg20-vpn -
zyxel usg20w-vpn_firmware *
zyxel usg20w-vpn -
zyxel usg2200-vpn_firmware *
zyxel usg2200-vpn -
zyxel zywall_110_firmware *
zyxel zywall_110 -
zyxel zywall_310_firmware *
zyxel zywall_310 -
zyxel zywall_1100_firmware *
zyxel zywall_1100 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AB64698-F450-405C-9D27-EE5A34466835",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60F4E816-C4D3-451A-965C-45387D7DEB5B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "37AB8F08-EEEB-4318-8A5F-10211B61E852",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3ED3A6D-68BC-48F6-AC34-99C5C012AF85",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5C0676F-CA90-4E29-8131-AD2026E8E79D",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F17EF47-19AE-40BC-B547-B5900CC6D627",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DED36D6-2286-4CDF-BACF-48403F3FCCE0",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E355564-3F7A-4EE4-AD65-A84B78BB5395",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "23F9913B-2AE5-4B07-9EED-5A5F18B3F541",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26900300-1325-4C8A-BC3B-A10233B2462A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D485C08-FC2E-4569-BB49-249F7BDA149C",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AB1AAB7-AACC-4535-8C30-2D1FF7B2D647",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9755AA21-D626-453A-A7E1-0069832E861A",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6626D8CA-2E58-46F7-9592-4922A3E6DF79",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6EDA25D-48DE-4B4A-9792-D9587A6FB8FC",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "748C9FE8-E66D-480F-9688-75E563332A23",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AC24EC0-FA7F-4500-A9CB-4854286DD67D",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01B72080-1F0E-484D-8929-67BC2585E62B",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B44BD562-5D3A-4E4F-B648-6E2D1F0B02C7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABDA4AA0-FE83-400C-A7AE-001611225552",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE138A97-1AB8-493D-92AA-276DFA40E14F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EAAF268-7195-4884-B90E-93054A8CAC95",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "656D8467-02C4-43F6-A64B-998300D71814",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF8B5062-6330-4369-9D7F-EA54E6A990E9",
                     versionEndIncluding: "4.64",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6718F421-40F9-4599-9720-9F3461AD0693",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE8626E7-8B32-4F54-9078-2C7E182783F7",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D39FB8E-FF0D-40D2-A92D-FB1B2C89D29D",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "686F56DF-BE47-4A17-A275-F7F0F38A16CF",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "789C6F4B-1592-40C2-9DE1-1C436F6F2A2B",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B332B58-AF42-45E3-B224-9AD745485A14",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A33C164A-F565-47AB-8F8C-3D418F36638B",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "817D54B2-A13E-4105-B63D-A0474BC63CD7",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF1F9383-C537-4B57-B3B1-61F5E7165642",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9AF0390-357C-4249-A7CF-EE902836A2FE",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FECB2D46-3776-4059-8F01-164641965C84",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EA23975-C587-4BC1-986A-55DA451A05CB",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "24FD0B6C-EA3E-4AAC-BCFD-A58F0996988E",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC931102-95D8-4BF4-AA6B-F8F6CC4024C7",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F5F64E-3020-4453-A183-454EF80025A7",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7239C54F-EC9E-44B4-AE33-1D36E5448219",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ECA11E7-4DCE-4030-9602-F7336A434817",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06D2AD3A-9197-487D-A267-24DE332CC66B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0ED8D58-62BA-4225-8C68-0E8D75FB936C",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68CB2401-479A-4124-B03F-589D7C1061FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E4763C9-EC74-4CAE-8A72-162E51ABBA9E",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D54C6A9-B282-4B5C-BAB0-24FB03415FA4",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40C703E-C7C0-4B49-A336-83853D3E8C31",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8A67D33-EF8E-4B70-891A-51DD5B4680D8",
                     versionEndIncluding: "5.01",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE32A1C-A730-4893-BCB9-F753F8E65440",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de omisión de la autenticación en la interfaz de administración basada en web de Zyxel USG/Zywall series versiones de firmware 4.35 hasta 4.64 y USG Flex, ATP, y VPN versiones de firmware 4.35 hasta 5.01, que podría permitir a un atacante remoto ejecutar comandos arbitrarios en un dispositivo afectado",
      },
   ],
   id: "CVE-2021-35029",
   lastModified: "2024-11-21T06:11:42.280",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-02T11:15:08.930",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 18:15
Modified
2024-11-21 08:04
Summary
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "369543A8-1D92-42AF-896D-30A38E02D8E5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3844EDBE-1FDA-48E0-9535-D81657E1820A",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B89E2F-9A44-4A02-9279-158CDAA787D5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6081F154-4A1E-4630-99BB-846B68F5B818",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428D392F-2427-4510-9185-AD9C1FC839A1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "614F4C95-8835-4A0A-B965-51FBD0289DE5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD16BDCE-428C-40B2-BE9E-593ED4C59819",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F253FB99-B7E9-4809-9E3A-F9964B6B3BD8",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6362D1C8-DD85-45E6-B6F0-BB9882FA0F19",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCC7F9D7-2688-4848-9B3F-60C35E66423E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E19C1F04-1F67-4502-B6E2-B7DA771E1ACA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D49F68-BCE2-432F-AC2B-1975F7BDBCE7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C380259A-B524-41EC-A733-805F617BA3E1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF3F62F3-0681-4150-8F89-B44708DE75ED",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11E3C89D-EEEC-449F-9783-91E0AE286223",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39637E53-C502-4377-BC9E-71E0962F7D6F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BD13DCF-7B56-423B-BA54-E2CC2288E12E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDDD5813-1215-4047-8AA6-A286571A0475",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8B5F6AE-537A-4FFB-92AB-28AE2E1741FB",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D73608C-EB5F-44B6-BB11-6F7E4742E71E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51FA0FC-7803-4ECB-BFFB-839E585CD9CA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCC033D4-363E-4A00-AD9E-1D94D5060CB7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.",
      },
   ],
   id: "CVE-2023-33011",
   lastModified: "2024-11-21T08:04:24.097",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T18:15:09.397",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-134",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-134",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 17:15
Modified
2024-11-21 07:55
Summary
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "369543A8-1D92-42AF-896D-30A38E02D8E5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3844EDBE-1FDA-48E0-9535-D81657E1820A",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B89E2F-9A44-4A02-9279-158CDAA787D5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6081F154-4A1E-4630-99BB-846B68F5B818",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428D392F-2427-4510-9185-AD9C1FC839A1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "614F4C95-8835-4A0A-B965-51FBD0289DE5",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD16BDCE-428C-40B2-BE9E-593ED4C59819",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "110A1CA4-0170-4834-8281-0A3E14FC5584",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F253FB99-B7E9-4809-9E3A-F9964B6B3BD8",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6362D1C8-DD85-45E6-B6F0-BB9882FA0F19",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCC7F9D7-2688-4848-9B3F-60C35E66423E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D3F001A-8790-463F-804B-CA5CAC610867",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E19C1F04-1F67-4502-B6E2-B7DA771E1ACA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D49F68-BCE2-432F-AC2B-1975F7BDBCE7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C380259A-B524-41EC-A733-805F617BA3E1",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B81DDA-DDD5-4D9B-B631-815186E3839F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF3F62F3-0681-4150-8F89-B44708DE75ED",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "212C5E8E-774A-446E-B7C7-80C349160BC2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11E3C89D-EEEC-449F-9783-91E0AE286223",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD872CA4-385D-49A9-B1DF-7C4467BD49AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39637E53-C502-4377-BC9E-71E0962F7D6F",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BD13DCF-7B56-423B-BA54-E2CC2288E12E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDDD5813-1215-4047-8AA6-A286571A0475",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F65954-FF1A-46A4-A003-FF8B9666880A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8B5F6AE-537A-4FFB-92AB-28AE2E1741FB",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D73608C-EB5F-44B6-BB11-6F7E4742E71E",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51FA0FC-7803-4ECB-BFFB-839E585CD9CA",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCC033D4-363E-4A00-AD9E-1D94D5060CB7",
                     versionEndExcluding: "5.37",
                     versionStartIncluding: "5.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.",
      },
   ],
   id: "CVE-2023-28767",
   lastModified: "2024-11-21T07:55:58.100",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T17:15:09.883",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2023-34140
Vulnerability from cvelistv5
Published
2023-07-17 17:49
Modified
2024-10-21 19:42
Summary
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
Impacted products
Vendor Product Version
Zyxel ATP series firmware Version: 4.32 through 5.36 Patch 2
Zyxel USG FLEX series firmware Version: 4.50 through 5.36 Patch 2
Zyxel USG FLEX 50(W) series firmware Version: 4.16 through 5.36 Patch 2
Zyxel USG20(W)-VPN series firmware Version: 4.16 through 5.36 Patch 2
Zyxel VPN series firmware Version: 4.30 through 5.36 Patch 2
Zyxel NXC2500 firmware Version: 6.10(AAIG.0) through 6.10(AAIG.3)
Zyxel NXC5500 firmware Version: 6.10(AAOS.0) through 6.10(AAOS.4)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:01:54.194Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-34140",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T19:17:36.859068Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T19:42:15.688Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.32 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.50 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX 50(W) series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.16 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG20(W)-VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.16 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.30 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NXC2500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "6.10(AAIG.0) through 6.10(AAIG.3)",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NXC5500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "6.10(AAOS.0) through 6.10(AAOS.4)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.",
                  },
               ],
               value: "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-17T17:49:38.175Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-34140",
      datePublished: "2023-07-17T17:49:38.175Z",
      dateReserved: "2023-05-26T03:44:51.339Z",
      dateUpdated: "2024-10-21T19:42:15.688Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33011
Vulnerability from cvelistv5
Published
2023-07-17 17:15
Modified
2024-11-07 19:08
Summary
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
Impacted products
Vendor Product Version
Zyxel ATP series firmware Version: 5.10 through 5.36 Patch 2
Zyxel USG FLEX series firmware Version: 5.00 through 5.36 Patch 2
Zyxel USG FLEX 50(W) series firmware Version: 5.10 through 5.36 Patch 2
Zyxel USG20(W)-VPN series firmware Version: 5.10 through 5.36 Patch 2
Zyxel VPN series firmware Version: 5.00 through 5.36 Patch 2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:32:46.611Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:vpn_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "vpn_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch_2",
                        status: "affected",
                        version: "5.00",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "atp100_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch_2",
                        status: "affected",
                        version: "5.10",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg_flex_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch_2",
                        status: "affected",
                        version: "5.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_50\\/w\\/_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg_flex_50\\/w\\/_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch_2",
                        status: "affected",
                        version: "5.10",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg20w-vpn_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch_2",
                        status: "affected",
                        version: "5.10",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33011",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T18:57:20.597639Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T19:08:01.595Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX 50(W) series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG20(W)-VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.",
                  },
               ],
               value: "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-134",
                     description: "CWE-134 Use of Externally-Controlled Format String",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-17T17:15:45.876Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-33011",
      datePublished: "2023-07-17T17:15:45.876Z",
      dateReserved: "2023-05-17T02:56:16.623Z",
      dateUpdated: "2024-11-07T19:08:01.595Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33012
Vulnerability from cvelistv5
Published
2023-07-17 17:23
Modified
2024-08-02 15:32
Summary
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
Impacted products
Vendor Product Version
Zyxel ATP series firmware Version: 5.10 through 5.36 Patch 2
Zyxel USG FLEX series firmware Version: 5.00 through 5.36 Patch 2
Zyxel USG FLEX 50(W) series firmware Version: 5.10 through 5.36 Patch 2
Zyxel USG20(W)-VPN series firmware Version: 5.10 through 5.36 Patch 2
Zyxel VPN series firmware Version: 5.00 through 5.36 Patch 2


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33012",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2023-07-31T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-10T03:55:13.069Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:32:46.561Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX 50(W) series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG20(W)-VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.",
                  },
               ],
               value: "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-17T17:23:26.370Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-33012",
      datePublished: "2023-07-17T17:23:26.370Z",
      dateReserved: "2023-05-17T02:56:16.623Z",
      dateUpdated: "2024-08-02T15:32:46.561Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-34141
Vulnerability from cvelistv5
Published
2023-07-17 17:56
Modified
2024-10-29 16:06
Summary
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding the attacker's IP address to the managed AP list in advance.
Impacted products
Vendor Product Version
Zyxel ATP series firmware Version: 5.00 through 5.36 Patch 2
Zyxel USG FLEX series firmware Version: 5.00 through 5.36 Patch 2
Zyxel USG FLEX 50(W) series firmware Version: 5.00 through 5.36 Patch 2
Zyxel USG20(W)-VPN series firmware Version: 5.00 through 5.36 Patch 2
Zyxel VPN series firmware Version: 5.00 through 5.36 Patch 2
Zyxel NXC2500 firmware Version: 6.10(AAIG.0) through 6.10(AAIG.3)
Zyxel NXC5500 firmware Version: 6.10(AAOS.0) through 6.10(AAOS.4)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:01:53.937Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "atp",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch-2",
                        status: "affected",
                        version: "5.00",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "usg_flex",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch-2",
                        status: "affected",
                        version: "5.00",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "usg_flex_50w_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch-2",
                        status: "affected",
                        version: "5.00",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "usg20w-vpn_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch-2",
                        status: "affected",
                        version: "5.00",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "vpn_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_patch-2",
                        status: "affected",
                        version: "5.00",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "nxc2500_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "6.10(AAIG.3)",
                        status: "affected",
                        version: "6.10(AAIG.0)",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "nxc5500_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "6.10(AAOS.4)",
                        status: "affected",
                        version: "6.10(AAOS.0)",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-34141",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-29T15:54:42.546431Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-29T16:06:41.479Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX 50(W) series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG20(W)-VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NXC2500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "6.10(AAIG.0) through 6.10(AAIG.3)",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NXC5500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: " 6.10(AAOS.0) through 6.10(AAOS.4)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.",
                  },
               ],
               value: "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-17T17:56:26.818Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-34141",
      datePublished: "2023-07-17T17:56:26.818Z",
      dateReserved: "2023-05-26T03:44:51.339Z",
      dateUpdated: "2024-10-29T16:06:41.479Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-35029
Vulnerability from cvelistv5
Published
2021-07-02 10:29
Modified
2024-08-04 00:33
Severity ?
Summary
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.
Impacted products
Vendor Product Version
Zyxel USG/Zywall series Firmware Version: 4.35 through 4.64
Zyxel USG FLEX series Firmware Version: 4.35 through 5.01
Zyxel ATP series Firmware Version: 4.35 through 5.01
Zyxel VPN series Firmware Version: 4.35 through 5.01


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:33:49.831Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "USG/Zywall series Firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 4.64",
                  },
               ],
            },
            {
               product: "USG FLEX series Firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 5.01",
                  },
               ],
            },
            {
               product: "ATP series Firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 5.01",
                  },
               ],
            },
            {
               product: "VPN series Firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 5.01",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287: Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-02T10:29:07",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@zyxel.com.tw",
               ID: "CVE-2021-35029",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "USG/Zywall series Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 4.64",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "USG FLEX series Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 5.01",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "ATP series Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 5.01",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "VPN series Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 5.01",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Zyxel",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "9.8",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-287: Improper Authentication",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
                     refsource: "MISC",
                     url: "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2021-35029",
      datePublished: "2021-07-02T10:29:07",
      dateReserved: "2021-06-17T00:00:00",
      dateUpdated: "2024-08-04T00:33:49.831Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28767
Vulnerability from cvelistv5
Published
2023-07-17 16:59
Modified
2024-11-07 19:14
Summary
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
Impacted products
Vendor Product Version
Zyxel ATP series firmware Version: 5.10 through 5.36
Zyxel USG FLEX series firmware Version: 5.00 through 5.36
Zyxel USG FLEX 50(W) series firmware Version: 5.10 through 5.36
Zyxel USG20(W)-VPN series firmware Version: 5.10 through 5.36
Zyxel VPN series firmware Version: 5.00 through 5.36


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T13:51:38.271Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "atp_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36",
                        status: "affected",
                        version: "5.10",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg_flex_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36",
                        status: "affected",
                        version: "5.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_50\\/w\\/_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg_flex_50\\/w\\/_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36",
                        status: "affected",
                        version: "5.10",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg_flex_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36",
                        status: "affected",
                        version: "5.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "atp_series_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36",
                        status: "affected",
                        version: "5.10",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-28767",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T19:08:51.946121Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T19:14:46.971Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX 50(W) series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG20(W)-VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.10 through 5.36",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "5.00 through 5.36",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.",
                  },
               ],
               value: "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-17T16:59:45.258Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-28767",
      datePublished: "2023-07-17T16:59:45.258Z",
      dateReserved: "2023-03-23T10:34:20.987Z",
      dateUpdated: "2024-11-07T19:14:46.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-34139
Vulnerability from cvelistv5
Published
2023-07-17 17:36
Modified
2024-10-29 16:19
Summary
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2 could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
Impacted products
Vendor Product Version
Zyxel USG FLEX series firmware Version: 4.50 through 5.36 Patch 2
Zyxel VPN series firmware Version: 4.20 through 5.36 Patch 2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:01:54.148Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "usg_flex_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_Patch-2",
                        status: "affected",
                        version: "4.50",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "vpn_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36_Patch-2",
                        status: "affected",
                        version: "4.20",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-34139",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-29T16:18:52.786892Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-29T16:19:03.216Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.50 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.20 through 5.36 Patch 2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.",
                  },
               ],
               value: "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-18T01:16:42.677Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-34139",
      datePublished: "2023-07-17T17:36:32.909Z",
      dateReserved: "2023-05-26T03:44:51.339Z",
      dateUpdated: "2024-10-29T16:19:03.216Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-34138
Vulnerability from cvelistv5
Published
2023-07-17 17:31
Modified
2024-10-30 18:02
Summary
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2 could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding their IP address to the list of trusted RADIUS clients in advance.
Impacted products
Vendor Product Version
Zyxel ATP series firmware Version: 4.60 through 5.36 Patch 2
Zyxel USG FLEX series firmware Version: 4.60 through 5.36 Patch 2
Zyxel USG FLEX 50(W) series firmware Version: 4.60 through 5.36 Patch 2
Zyxel USG20(W)-VPN series firmware Version: 4.60 through 5.36 Patch 2
Zyxel VPN series firmware Version: 4.60 through 5.36 Patch 2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:01:54.181Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "atp_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36 Patch 2",
                        status: "affected",
                        version: "4.60",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "usg_flex_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36 Patch 2",
                        status: "affected",
                        version: "4.60",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "usg_flex_50w_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36 Patch 2",
                        status: "affected",
                        version: "4.60",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "usg20w-vpn_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36 Patch 2",
                        status: "affected",
                        version: "4.60",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "vpn_firmware",
                  vendor: "zyxel",
                  versions: [
                     {
                        lessThanOrEqual: "5.36 Patch 2",
                        status: "affected",
                        version: "4.60",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-34138",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-30T17:59:03.869372Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-30T18:02:28.372Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.60 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.60 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG FLEX 50(W) series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.60 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "USG20(W)-VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.60 through 5.36 Patch 2",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.60 through 5.36 Patch 2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.",
                  },
               ],
               value: "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-17T18:01:33.075Z",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2023-34138",
      datePublished: "2023-07-17T17:31:40.719Z",
      dateReserved: "2023-05-26T03:44:51.338Z",
      dateUpdated: "2024-10-30T18:02:28.372Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}