History Nov 28, 2023 - 2:15 a.m.

CVE-2023-37925

2023-11-28 02:15:42
CWE-269
Zyxel
web.nvd.nist.gov
cve-2023-37925
zyxel
atp
usg flex
vpn
firmware
vulnerability
cli
access
local attacker

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.5
Confidence: High

EPSS: 0
Percentile: 5.1%

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.

Affected configurations

Nvd
Node
zyxel atp100 Match -
OR
zyxel atp100w Match -
OR
zyxel atp200 Match -
OR
zyxel atp500 Match -
OR
zyxel atp700 Match -
OR
zyxel atp800 Match -
AND
zyxel zld Range 4.32 - 5.37
Node
zyxel usg_flex_100 Match -
OR
zyxel usg_flex_100w Match -
OR
zyxel usg_flex_200 Match -
OR
zyxel usg_flex_50 Match -
OR
zyxel usg_flex_500 Match -
OR
zyxel usg_flex_50w Match -
OR
zyxel usg_flex_700 Match -
AND
zyxel zld Range 4.50 - 5.37
Node
zyxel usg_20w-vpn Match -
OR
zyxel vpn50w Match -
AND
zyxel zld Range 4.16 - 5.37
Node
zyxel vpn100 Match -
OR
zyxel vpn1000 Match -
OR
zyxel vpn300 Match -
OR
zyxel vpn50 Match -
AND
zyxel zld Range 4.30 - 5.37
Node
zyxel nwa110ax Match -
AND
zyxel nwa110ax_firmware Range < 6.70(abtg.0)
Node
zyxel nwa1123acv3 Match -
AND
zyxel nwa1123acv3_firmware Range < 6.70(abvt.0)
Node
zyxel nwa210ax Match -
AND
zyxel nwa210ax_firmware Range < 6.70(abtd.0)
Node
zyxel nwa220ax-6e Match -
AND
zyxel nwa220ax-6e_firmware Range < 6.70(acco.0)
Node
zyxel nwa50ax_firmware Range < 6.80(abyw.0)
AND
zyxel nwa50ax Match -
Node
zyxel nwa50ax-pro_firmware Range < 6.80(acge.0)
AND
zyxel nwa50ax-pro Match -
Node
zyxel nwa55axe_firmware Range < 6.80(abzl.0)
AND
zyxel nwa55axe Match -
Node
zyxel nwa90ax_firmware Range < 6.80(accv.0)
AND
zyxel nwa90ax Match -
Node
zyxel nwa90ax-pro_firmware Range < 6.80(acgf.0)
AND
zyxel nwa90ax-pro Match -
Node
zyxel wac500_firmware Range < 6.70(abvs.0)
AND
zyxel wac500 Match -
Node
zyxel wac500h_firmware Range < 6.70(abwa.0)
AND
zyxel wac500h Match -
Node
zyxel wax510d_firmware Range < 6.70(abtf.0)
AND
zyxel wax510d Match -
Node
zyxel wax610d_firmware Range < 6.70(abte.0)
AND
zyxel wax610d Match -
Node
zyxel wax620d-6e_firmware Range < 6.70(accn.0)
AND
zyxel wax620d-6e Match -
Node
zyxel wax630s_firmware Range < 6.70(abzd.0)
AND
zyxel wax630s Match -
Node
zyxel wax640s-6e_firmware Range < 6.70(accm.0)
AND
zyxel wax640s-6e Match -
Node
zyxel wax650s_firmware Range < 6.70(abrm.0)
AND
zyxel wax650s Match -
Node
zyxel wax655e_firmware Range < 6.70(acdo.0)
AND
zyxel wax655e Match -
Node
zyxel wbe660s_firmware Range < 6.70(acgg.0)
AND
zyxel wbe660s Match -
Vendor  Product  Version  CPE
zyxel  atp100  -  cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
zyxel  atp100w  -  cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
zyxel  atp200  -  cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
zyxel  atp500  -  cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
zyxel  atp700  -  cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
zyxel  atp800  -  cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
zyxel  zld  *  cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*
zyxel  usg_flex_100  -  cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
zyxel  usg_flex_100w  -  cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
zyxel  usg_flex_200  -  cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.32 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.50 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.16 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.16 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.30 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NWA50AX firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.29(ABYW.2)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WAC500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.65(ABVS.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WAX300H firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.60(ACHF.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WBE660S firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.65(ACGG.1)"
      }
    ]
  }
]
