Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-34139
HistoryJul 17, 2023 - 6:15 p.m.

CVE-2023-34139

2023-07-1718:15:09
CWE-78
[email protected]
web.nvd.nist.gov
6
command injection
zyxel usg
vpn series
firmware vulnerability
os commands

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.8%

JSON

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.

Affected configurations

Nvd
Node
zyxelusg_2200-vpn_firmwareRange4.205.37
AND
zyxelusg_2200-vpnMatch-
Node
zyxelusg_flex_100_firmwareRange4.505.37
AND
zyxelusg_flex_100Match-
Node
zyxelusg_flex_100w_firmwareRange4.505.37
AND
zyxelusg_flex_100wMatch-
Node
zyxelusg_flex_200_firmwareRange4.505.37
AND
zyxelusg_flex_200Match-
Node
zyxelusg_flex_50_firmwareRange4.505.37
AND
zyxelusg_flex_50Match-
Node
zyxelusg_flex_500_firmwareRange4.505.37
AND
zyxelusg_flex_500Match-
Node
zyxelusg_flex_50w_firmwareRange4.505.37
AND
zyxelusg_flex_50wMatch-
Node
zyxelusg_flex_700_firmwareRange4.505.37
AND
zyxelusg_flex_700Match-
Node
zyxelzywall_vpn100_firmwareRange4.205.37
AND
zyxelzywall_vpn100Match-
Node
zyxelzywall_vpn2s_firmwareRange4.205.37
AND
zyxelzywall_vpn2sMatch-
Node
zyxelzywall_vpn300_firmwareRange4.205.37
AND
zyxelzywall_vpn300Match-
Node
zyxelzywall_vpn50_firmwareRange4.205.37
AND
zyxelzywall_vpn50Match-
Node
zyxelzywall_vpn_100_firmwareRange4.205.37
AND
zyxelzywall_vpn_100Match-
Node
zyxelzywall_vpn_300_firmwareRange4.205.37
AND
zyxelzywall_vpn_300Match-
Node
zyxelzywall_vpn_50_firmwareRange4.205.37
AND
zyxelzywall_vpn_50Match-
VendorProductVersionCPE
zyxelusg_2200-vpn_firmware*cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*
zyxelusg_2200-vpn-cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*
zyxelusg_flex_100_firmware*cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_100-cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
zyxelusg_flex_100w_firmware*cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_100w-cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
zyxelusg_flex_200_firmware*cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_200-cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
zyxelusg_flex_50_firmware*cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_50-cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 301

Related

cvelist 1
prion 1
cve 1
nessus 1
cvelist
cvelist
CVE-2023-34139
2023-07-17 17:36:32
prion
prion
Command injection
2023-07-17 18:15:00
cve
cve
CVE-2023-34139
2023-07-17 18:15:09
nessus
nessus
Zyxel USG < 5.37 / ATP < 5.37 / VPN < 5.37 Multiple Vulnerabilities
2023-08-07 00:00:00

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.8%

JSON
Related for NVD:CVE-2023-34139
cvelist1prion1cve1nessus1