Command injection

2023-07-1718:15:00

PRIOn knowledge base

www.prio-n.com

zyxel atp

usg flex

usg flex 50(w)

usg20(w)-vpn

vpn

nxc2500

nxc5500

command injection

vulnerability

firmware versions

unauthenticated attacker

lan-based

os commands

authorized administrator

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

CPENameOperatorVersion
nxc2500_firmwareeq>= 6.10aaig.0 AND <= 6.10aaig.3
nxc5500_firmwareeq>= 6.10aaos.0 AND <= 6.10aaos.4
usg_20w-vpn_firmwarege5.00
usg_20w-vpn_firmwarelt5.37
usg_2200-vpn_firmwarege5.00
usg_2200-vpn_firmwarelt5.37
usg_flex_100_firmwarege5.00
usg_flex_100_firmwarelt5.37
usg_flex_100w_firmwarege5.00
usg_flex_100w_firmwarelt5.37

Name	Operator	Version
nxc2500_firmware	eq	>= 6.10aaig.0 AND <= 6.10aaig.3
nxc5500_firmware	eq	>= 6.10aaos.0 AND <= 6.10aaos.4
usg_20w-vpn_firmware	ge	5.00
usg_20w-vpn_firmware	lt	5.37
usg_2200-vpn_firmware	ge	5.00
usg_2200-vpn_firmware	lt	5.37
usg_flex_100_firmware	ge	5.00
usg_flex_100_firmware	lt	5.37
usg_flex_100w_firmware	ge	5.00
usg_flex_100w_firmware	lt	5.37