Lucene search

[email protected]CVE-2023-34141

HistoryJul 17, 2023 - 6:15 p.m.

CVE-2023-34141

2023-07-1718:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-34141

command injection

zyxel atp

usg flex

usg flex 50(w)

usg20(w)-vpn

vpn

nxc2500

nxc5500

firmware vulnerability

access point management

os commands

network security

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

Affected configurations

NVD

Node

zyxelusg_20w-vpnMatch-

AND

zyxelusg_20w-vpn_firmwareRange5.00–5.37

Node

zyxelusg_2200-vpnMatch-

AND

zyxelusg_2200-vpn_firmwareRange5.00–5.37

Node

zyxelusg_flex_100Match-

AND

zyxelusg_flex_100_firmwareRange5.00–5.37

Node

zyxelusg_flex_100wMatch-

AND

zyxelusg_flex_100w_firmwareRange5.00–5.37

Node

zyxelusg_flex_200Match-

AND

zyxelusg_flex_200_firmwareRange5.00–5.37

Node

zyxelusg_flex_50Match-

AND

zyxelusg_flex_50_firmwareRange5.00–5.37

Node

zyxelusg_flex_500Match-

AND

zyxelusg_flex_500_firmwareRange5.00–5.37

Node

zyxelusg_flex_50wMatch-

AND

zyxelusg_flex_50w_firmwareRange5.00–5.37

Node

zyxelusg_flex_700Match-

AND

zyxelusg_flex_700_firmwareRange5.00–5.37

Node

zyxelzywall_atp100Match-

AND

zyxelzywall_atp100_firmwareRange5.00–5.37

Node

zyxelzywall_atp100wMatch-

AND

zyxelzywall_atp100w_firmwareRange5.00–5.37

Node

zyxelzywall_atp200Match-

AND

zyxelzywall_atp200_firmwareRange5.00–5.37

Node

zyxelzywall_atp500_firmwareRange5.00–5.37

AND

zyxelzywall_atp500Match-

Node

zyxelzywall_atp700_firmwareRange5.00–5.37

AND

zyxelzywall_atp700Match-

Node

zyxelzywall_atp800_firmwareRange5.00–5.37

AND

zyxelzywall_atp800Match-

Node

zyxelzywall_vpn100_firmwareRange5.00–5.37

AND

zyxelzywall_vpn100Match-

Node

zyxelzywall_vpn2s_firmwareRange5.00–5.37

AND

zyxelzywall_vpn2sMatch-

Node

zyxelzywall_vpn300_firmwareRange5.00–5.37

AND

zyxelzywall_vpn300Match-

Node

zyxelzywall_vpn50_firmwareRange5.00–5.37

AND

zyxelzywall_vpn50Match-

Node

zyxelzywall_vpn_100_firmwareRange5.00–5.37

AND

zyxelzywall_vpn_100Match-

Node

zyxelzywall_vpn_300_firmwareRange5.00–5.37

AND

zyxelzywall_vpn_300Match-

Node

zyxelzywall_vpn_50_firmwareRange5.00–5.37

AND

zyxelzywall_vpn_50Match-

Node

zyxelnxc2500_firmwareRange6.10\(aaig.0\)–6.10\(aaig.3\)

AND

zyxelnxc2500Match-

Node

zyxelnxc5500_firmwareRange6.10\(aaos.0\)–6.10\(aaos.4\)

AND

zyxelnxc5500Match-

CPENameOperatorVersion
zyxel:usg_20w-vpn_firmwarezyxel usg 20w-vpn firmwarelt5.37

CPE	Name	Operator	Version
zyxel:usg_20w-vpn_firmware	zyxel usg 20w-vpn firmware	lt	5.37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "5.00 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "5.00 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "5.00 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "5.00 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "5.00 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NXC2500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.10(AAIG.0) through 6.10(AAIG.3)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NXC5500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": " 6.10(AAOS.0) through 6.10(AAOS.4)"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for CVE-2023-34141

nvd1 cvelist1 prion1 nessus1