Search
Find a vulnerability
Search criteria
4 vulnerabilities found for NXC5500 firmware by Zyxel
CVE-2023-34141 (GCVE-0-2023-34141)
Vulnerability from nvd – Published: 2023-07-17 17:56 – Updated: 2024-10-29 16:06
VLAI
EPSS
VEX
Summary
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zyxel.com/global/en/support/security-… | vendor-advisory |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX 50(W) series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | USG20(W)-VPN series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | VPN series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | NXC2500 firmware |
Affected:
6.10(AAIG.0) through 6.10(AAIG.3)
|
|
| Zyxel | NXC5500 firmware |
Affected:
6.10(AAOS.0) through 6.10(AAOS.4)
|
|
| zyxel | atp |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:* |
|
| zyxel | usg_flex |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:* |
|
| zyxel | usg_flex_50w_firmware |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:* |
|
| zyxel | usg20w-vpn_firmware |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:* |
|
| zyxel | vpn_firmware |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:* |
|
| zyxel | nxc2500_firmware |
Affected:
6.10(AAIG.0) , ≤ 6.10(AAIG.3)
(custom)
cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:* |
|
| zyxel | nxc5500_firmware |
Affected:
6.10(AAOS.0) , ≤ 6.10(AAOS.4)
(custom)
cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "atp",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg_flex",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg_flex_50w_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg20w-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nxc2500_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "6.10(AAIG.3)",
"status": "affected",
"version": "6.10(AAIG.0)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nxc5500_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "6.10(AAOS.4)",
"status": "affected",
"version": "6.10(AAOS.0)",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T15:54:42.546431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:06:41.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC2500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "6.10(AAIG.0) through 6.10(AAIG.3)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC5500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": " 6.10(AAOS.0) through 6.10(AAOS.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
}
],
"value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T17:56:26.818Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-34141",
"datePublished": "2023-07-17T17:56:26.818Z",
"dateReserved": "2023-05-26T03:44:51.339Z",
"dateUpdated": "2024-10-29T16:06:41.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34140 (GCVE-0-2023-34140)
Vulnerability from nvd – Published: 2023-07-17 17:49 – Updated: 2024-10-21 19:42
VLAI
EPSS
VEX
Summary
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zyxel.com/global/en/support/security-… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX series firmware |
Affected:
4.50 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX 50(W) series firmware |
Affected:
4.16 through 5.36 Patch 2
|
|
| Zyxel | USG20(W)-VPN series firmware |
Affected:
4.16 through 5.36 Patch 2
|
|
| Zyxel | VPN series firmware |
Affected:
4.30 through 5.36 Patch 2
|
|
| Zyxel | NXC2500 firmware |
Affected:
6.10(AAIG.0) through 6.10(AAIG.3)
|
|
| Zyxel | NXC5500 firmware |
Affected:
6.10(AAOS.0) through 6.10(AAOS.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:17:36.859068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:42:15.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC2500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "6.10(AAIG.0) through 6.10(AAIG.3)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC5500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "6.10(AAOS.0) through 6.10(AAOS.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u0026nbsp;NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
}
],
"value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u00a0NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T17:49:38.175Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-34140",
"datePublished": "2023-07-17T17:49:38.175Z",
"dateReserved": "2023-05-26T03:44:51.339Z",
"dateUpdated": "2024-10-21T19:42:15.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34141 (GCVE-0-2023-34141)
Vulnerability from cvelistv5 – Published: 2023-07-17 17:56 – Updated: 2024-10-29 16:06
VLAI
EPSS
VEX
Summary
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zyxel.com/global/en/support/security-… | vendor-advisory |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX 50(W) series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | USG20(W)-VPN series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | VPN series firmware |
Affected:
5.00 through 5.36 Patch 2
|
|
| Zyxel | NXC2500 firmware |
Affected:
6.10(AAIG.0) through 6.10(AAIG.3)
|
|
| Zyxel | NXC5500 firmware |
Affected:
6.10(AAOS.0) through 6.10(AAOS.4)
|
|
| zyxel | atp |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:* |
|
| zyxel | usg_flex |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:* |
|
| zyxel | usg_flex_50w_firmware |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:* |
|
| zyxel | usg20w-vpn_firmware |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:* |
|
| zyxel | vpn_firmware |
Affected:
5.00 , ≤ 5.36_patch-2
(custom)
cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:* |
|
| zyxel | nxc2500_firmware |
Affected:
6.10(AAIG.0) , ≤ 6.10(AAIG.3)
(custom)
cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:* |
|
| zyxel | nxc5500_firmware |
Affected:
6.10(AAOS.0) , ≤ 6.10(AAOS.4)
(custom)
cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "atp",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg_flex",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg_flex_50w_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg20w-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.36_patch-2",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nxc2500_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "6.10(AAIG.3)",
"status": "affected",
"version": "6.10(AAIG.0)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nxc5500_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "6.10(AAOS.4)",
"status": "affected",
"version": "6.10(AAOS.0)",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T15:54:42.546431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:06:41.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "5.00 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC2500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "6.10(AAIG.0) through 6.10(AAIG.3)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC5500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": " 6.10(AAOS.0) through 6.10(AAOS.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
}
],
"value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T17:56:26.818Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-34141",
"datePublished": "2023-07-17T17:56:26.818Z",
"dateReserved": "2023-05-26T03:44:51.339Z",
"dateUpdated": "2024-10-29T16:06:41.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34140 (GCVE-0-2023-34140)
Vulnerability from cvelistv5 – Published: 2023-07-17 17:49 – Updated: 2024-10-21 19:42
VLAI
EPSS
VEX
Summary
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zyxel.com/global/en/support/security-… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zyxel | ATP series firmware |
Affected:
4.32 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX series firmware |
Affected:
4.50 through 5.36 Patch 2
|
|
| Zyxel | USG FLEX 50(W) series firmware |
Affected:
4.16 through 5.36 Patch 2
|
|
| Zyxel | USG20(W)-VPN series firmware |
Affected:
4.16 through 5.36 Patch 2
|
|
| Zyxel | VPN series firmware |
Affected:
4.30 through 5.36 Patch 2
|
|
| Zyxel | NXC2500 firmware |
Affected:
6.10(AAIG.0) through 6.10(AAIG.3)
|
|
| Zyxel | NXC5500 firmware |
Affected:
6.10(AAOS.0) through 6.10(AAOS.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:17:36.859068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:42:15.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.16 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.36 Patch 2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC2500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "6.10(AAIG.0) through 6.10(AAIG.3)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NXC5500 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "6.10(AAOS.0) through 6.10(AAOS.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u0026nbsp;NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
}
],
"value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u00a0NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T17:49:38.175Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-34140",
"datePublished": "2023-07-17T17:49:38.175Z",
"dateReserved": "2023-05-26T03:44:51.339Z",
"dateUpdated": "2024-10-21T19:42:15.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}