Lucene search

ZyxelCVE-2024-7203

HistorySep 03, 2024 - 2:15 a.m.

CVE-2024-7203

2024-09-0302:15:05

CWE-78

Zyxel

web.nvd.nist.gov

command injection

zyxel atp

usg flex

firmware vulnerability

operating system commands

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

21.1%

JSON

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

Affected configurations

Nvd

Node

zyxelzld_firmwareRange4.60–5.39

AND

zyxelatp100Match-

zyxelatp100wMatch-

zyxelatp200Match-

zyxelatp500Match-

zyxelatp700Match-

zyxelatp800Match-

Node

zyxelzld_firmwareRange4.60–5.39

AND

zyxelusg_flex_100Match-

zyxelusg_flex_100axMatch-

zyxelusg_flex_100wMatch-

zyxelusg_flex_200Match-

zyxelusg_flex_50Match-

zyxelusg_flex_500Match-

zyxelusg_flex_50wMatch-

zyxelusg_flex_700Match-

VendorProductVersionCPE
zyxelzld_firmware*cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:*
zyxelatp100-cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
zyxelatp100w-cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
zyxelatp200-cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
zyxelatp500-cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
zyxelatp700-cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
zyxelatp800-cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
zyxelusg_flex_100-cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
zyxelusg_flex_100ax-cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*
zyxelusg_flex_100w-cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	zld_firmware	*	cpe:2.3:o:zyxel:zld_firmware::::::::
zyxel	atp100	-	cpe:2.3:h:zyxel:atp100:-:::::::*
zyxel	atp100w	-	cpe:2.3:h:zyxel:atp100w:-:::::::*
zyxel	atp200	-	cpe:2.3:h:zyxel:atp200:-:::::::*
zyxel	atp500	-	cpe:2.3:h:zyxel:atp500:-:::::::*
zyxel	atp700	-	cpe:2.3:h:zyxel:atp700:-:::::::*
zyxel	atp800	-	cpe:2.3:h:zyxel:atp800:-:::::::*
zyxel	usg_flex_100	-	cpe:2.3:h:zyxel:usg_flex_100:-:::::::*
zyxel	usg_flex_100ax	-	cpe:2.3:h:zyxel:usg_flex_100ax:-:::::::*
zyxel	usg_flex_100w	-	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions V4.60 through V5.38"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions V4.60 through V5.38"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

21.1%

JSON

Related for CVE-2024-7203