FKIE_CVE-2023-6764
Vulnerability from fkie_nvd - Published: 2024-02-20 03:15 - Updated: 2025-01-21 18:35
Severity ?
Summary
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B1CC86-551C-4CF1-9905-22D983C87B0C",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "121E2131-A6CB-4714-BD0B-9CDBFF924F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4D7828-078E-4418-9F04-302FC7F8BB25",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "F750721F-73AD-4BDD-A407-72D8DEB30C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "069E7437-BF71-4F73-8C0A-44DC9804492B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67DC678C-8CA1-4289-A69B-435FE3374BCD",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B20F854E-486D-46C0-90C8-81153573FEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DE71538C-16FD-43B1-B6CD-EB5988AFB7BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9B7E5-F548-4F9F-8CA7-20B7D41DF0AC",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9E8933B8-F66E-4667-955E-DB5486534C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1974D6-04C1-4135-812D-6901712940EE",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "0E3E890B-8BDE-4C22-BFF7-B87495C71C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3037AE20-8F8B-4656-9534-6436A8AEA8C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C4C98F-B383-4F2F-B84E-3C6DDD8437DB",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "67FA1CEC-DED7-46D4-A4FC-780431B3EE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD1CE91-B72C-4589-9A5F-F1164C0193AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DF266069-4FA5-4343-B62C-0940A0C61566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "99E0ECA5-7FE6-4E56-A741-E3260C99A43A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF216E5-870B-4C6E-9CFA-A5FB6F476CB0",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "395E8D72-E9F6-4923-B4DE-875D195B27F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C220BBFF-29A6-483B-9806-6A966625EFEE",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "45EEA203-C4E3-4916-A9E5-15AB994B53FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A21576D3-6A3F-451C-9B62-E0B0418D5529",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC61CF4F-74D5-4C96-8D8A-779436CF344D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "25EB6607-7241-4D01-BC87-3C3E62B27B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "31206A47-4A01-4FB7-A0AA-E9D22C63941D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B29C9B-DB92-4DBD-9F83-1C9FABAC81B4",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "CBDE985D-B016-4303-8EE6-904C79F8FE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC129C3-AD72-44AE-B89D-5BF40559B9F4",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "D764B87E-8B23-4C33-93BB-59B23CFEADBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B221F5CD-C0C6-4917-AC15-FF1BA3904915",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5CDA1267-E136-4932-9627-B4D12DB17E27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ACA5C0-F9AC-4986-95CF-74A92DEAF45E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "1D168F82-50CE-4E25-B1D9-B50F69463F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A1FEDD30-0B80-4F07-8475-156B9FE46883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3953AFFC-18E6-46AA-BC99-EA65726E4D9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D051AE62-28E7-4626-B5CB-F4B244260A0E",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "A5A45A9D-D9C7-495D-BD83-EE088746FD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "606D09B9-0376-4277-9964-F0580D65C3E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50C93BA9-E4F3-48F3-8D58-92409905AC03",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "5476C178-E553-44FC-854B-5851F0F28469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C2D65155-CDF2-4A99-94CA-D4B61B26D32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A2842FD-23CC-4E12-AF08-979035695E5F",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "DC8C2C47-FE8E-4496-9648-0B264A9A2EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "EEB68246-FD4B-4FB6-9140-63725EA24660",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E10984B-2ACA-4B15-AF74-F6E7D467DA8B",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "B0BFA01B-1328-4F96-AE56-D39416A54F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABB0C1EC-512C-4A00-84C6-4F93FDD7739F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE25FC75-B93D-4010-A255-2AF732D47674",
"versionEndExcluding": "5.37",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*",
"matchCriteriaId": "D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de cadena de formato en una funci\u00f3n de la funci\u00f3n VPN IPSec en las versiones de firmware de la serie Zyxel ATP de 4.32 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX de 4.50 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) de 4.16 a 5.37 El parche 1 y las versiones de firmware de la serie USG20(W)-VPN desde 4.16 hasta 5.37. El parche 1 podr\u00eda permitir a un atacante lograr la ejecuci\u00f3n remota no autorizada de c\u00f3digo enviando una secuencia de payloads especialmente manipulados que contengan un puntero no v\u00e1lido; sin embargo, un ataque de este tipo requerir\u00eda un conocimiento detallado del dise\u00f1o y la configuraci\u00f3n de la memoria del dispositivo afectado."
}
],
"id": "CVE-2023-6764",
"lastModified": "2025-01-21T18:35:59.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
},
"published": "2024-02-20T03:15:07.870",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…