Command injection

2023-07-1718:15:00

PRIOn knowledge base

www.prio-n.com

command injection

zyxel atp

usg flex

lan-based attacker

os commands

authorized administrator

trusted radius clients

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

JSON

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.

CPENameOperatorVersion
usg_20w-vpn_firmwarege4.60
usg_20w-vpn_firmwarelt5.37
usg_2200-vpn_firmwarege4.60
usg_2200-vpn_firmwarelt5.37
usg_flex_100_firmwarege4.60
usg_flex_100_firmwarelt5.37
usg_flex_100w_firmwarege4.60
usg_flex_100w_firmwarelt5.37
usg_flex_200_firmwarege4.60
usg_flex_200_firmwarelt5.37

Name	Operator	Version
usg_20w-vpn_firmware	ge	4.60
usg_20w-vpn_firmware	lt	5.37
usg_2200-vpn_firmware	ge	4.60
usg_2200-vpn_firmware	lt	5.37
usg_flex_100_firmware	ge	4.60
usg_flex_100_firmware	lt	5.37
usg_flex_100w_firmware	ge	4.60
usg_flex_100w_firmware	lt	5.37
usg_flex_200_firmware	ge	4.60
usg_flex_200_firmware	lt	5.37