Lucene search

PRIOn knowledge basePRION:CVE-2023-27991

HistoryApr 24, 2023 - 6:15 p.m.

Command injection

2023-04-2418:15:00

PRIOn knowledge base

www.prio-n.com

command injection

zyxel atp

usg flex

firmware vulnerability

remote os command execution

cli vulnerability

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

CPENameOperatorVersion
atp100_firmwarege4.32
atp100_firmwarelt5.36
atp100w_firmwarege4.32
atp100w_firmwarelt5.36
atp200_firmwarege4.32
atp200_firmwarelt5.36
atp500_firmwarege4.32
atp500_firmwarelt5.36
atp700_firmwarege4.32
atp700_firmwarelt5.36

Name	Operator	Version
atp100_firmware	ge	4.32
atp100_firmware	lt	5.36
atp100w_firmware	ge	4.32
atp100w_firmware	lt	5.36
atp200_firmware	ge	4.32
atp200_firmware	lt	5.36
atp500_firmware	ge	4.32
atp500_firmware	lt	5.36
atp700_firmware	ge	4.32
atp700_firmware	lt	5.36

Rows per page:

1-10 of 381

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls