Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for usg_2200-vpn_firmware by zyxel

    CVE-2023-34141 (GCVE-0-2023-34141)

    Vulnerability from nvd – Published: 2023-07-17 17:56 – Updated: 2024-10-29 16:06
    VLAI
    Summary
    A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel NXC2500 firmware Affected: 6.10(AAIG.0) through 6.10(AAIG.3)
    Create a notification for this product.
    Zyxel NXC5500 firmware Affected: 6.10(AAOS.0) through 6.10(AAOS.4)
    Create a notification for this product.
    zyxel atp Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50w_firmware Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg20w-vpn_firmware Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel vpn_firmware Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nxc2500_firmware Affected: 6.10(AAIG.0) , ≤ 6.10(AAIG.3) (custom)
        cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nxc5500_firmware Affected: 6.10(AAOS.0) , ≤ 6.10(AAOS.4) (custom)
        cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:53.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "atp",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex_50w_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg20w-vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nxc2500_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10(AAIG.3)",
                    "status": "affected",
                    "version": "6.10(AAIG.0)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nxc5500_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10(AAOS.4)",
                    "status": "affected",
                    "version": "6.10(AAOS.0)",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T15:54:42.546431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T16:06:41.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.10(AAIG.0) through 6.10(AAIG.3)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC5500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": " 6.10(AAOS.0) through 6.10(AAOS.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
                }
              ],
              "value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:56:26.818Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34141",
        "datePublished": "2023-07-17T17:56:26.818Z",
        "dateReserved": "2023-05-26T03:44:51.339Z",
        "dateUpdated": "2024-10-29T16:06:41.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34140 (GCVE-0-2023-34140)

    Vulnerability from nvd – Published: 2023-07-17 17:49 – Updated: 2024-10-21 19:42
    VLAI
    Summary
    A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T19:17:36.859068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T19:42:15.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.10(AAIG.0) through 6.10(AAIG.3)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC5500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.10(AAOS.0) through 6.10(AAOS.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u0026nbsp;NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
                }
              ],
              "value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u00a0NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:49:38.175Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34140",
        "datePublished": "2023-07-17T17:49:38.175Z",
        "dateReserved": "2023-05-26T03:44:51.339Z",
        "dateUpdated": "2024-10-21T19:42:15.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34139 (GCVE-0-2023-34139)

    Vulnerability from nvd – Published: 2023-07-17 17:36 – Updated: 2024-10-29 16:19
    VLAI
    Summary
    A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel USG FLEX series firmware Affected: 4.50 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 4.20 through 5.36 Patch 2
    Create a notification for this product.
    zyxel usg_flex_firmware Affected: 4.50 , ≤ 5.36_Patch-2 (custom)
        cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel vpn_firmware Affected: 4.20 , ≤ 5.36_Patch-2 (custom)
        cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_Patch-2",
                    "status": "affected",
                    "version": "4.50",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_Patch-2",
                    "status": "affected",
                    "version": "4.20",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T16:18:52.786892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T16:19:03.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.20 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2,\u0026nbsp;could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device."
                }
              ],
              "value": "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2,\u00a0could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T01:16:42.677Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34139",
        "datePublished": "2023-07-17T17:36:32.909Z",
        "dateReserved": "2023-05-26T03:44:51.339Z",
        "dateUpdated": "2024-10-29T16:19:03.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34138 (GCVE-0-2023-34138)

    Vulnerability from nvd – Published: 2023-07-17 17:31 – Updated: 2024-10-30 18:02
    VLAI
    Summary
    A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    zyxel atp_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50w_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg20w-vpn_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel vpn_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "atp_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex_50w_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg20w-vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-30T17:59:03.869372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T18:02:28.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance."
                }
              ],
              "value": "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T18:01:33.075Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34138",
        "datePublished": "2023-07-17T17:31:40.719Z",
        "dateReserved": "2023-05-26T03:44:51.338Z",
        "dateUpdated": "2024-10-30T18:02:28.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33012 (GCVE-0-2023-33012)

    Vulnerability from nvd – Published: 2023-07-17 17:23 – Updated: 2025-03-05 18:48
    VLAI
    Summary
    A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:36:32.109342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:48:53.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:32:46.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2,\u0026nbsp;could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled."
                }
              ],
              "value": "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2,\u00a0could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:23:26.370Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-33012",
        "datePublished": "2023-07-17T17:23:26.370Z",
        "dateReserved": "2023-05-17T02:56:16.623Z",
        "dateUpdated": "2025-03-05T18:48:53.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33011 (GCVE-0-2023-33011)

    Vulnerability from nvd – Published: 2023-07-17 17:15 – Updated: 2024-11-07 19:08
    VLAI
    Summary
    A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 5.10 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 5.10 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 5.10 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    zyxel vpn_series_firmware Affected: 5.00 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:vpn_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel atp100_firmware Affected: 5.10 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_series_firmware Affected: 5.0.0 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50\/w\/_series_firmware Affected: 5.10 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:usg_flex_50\/w\/_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg20w-vpn_firmware Affected: 5.10 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:32:46.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vpn_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "atp100_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50\\/w\\/_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_50\\/w\\/_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg20w-vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:57:20.597639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:08:01.595Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled."
                }
              ],
              "value": "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:15:45.876Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-33011",
        "datePublished": "2023-07-17T17:15:45.876Z",
        "dateReserved": "2023-05-17T02:56:16.623Z",
        "dateUpdated": "2024-11-07T19:08:01.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28767 (GCVE-0-2023-28767)

    Vulnerability from nvd – Published: 2023-07-17 16:59 – Updated: 2024-11-07 19:14
    VLAI
    Summary
    The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 5.10 through 5.36
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 5.00 through 5.36
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 5.10 through 5.36
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 5.10 through 5.36
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 5.00 through 5.36
    Create a notification for this product.
    zyxel atp_series_firmware Affected: 5.10 , ≤ 5.36 (custom)
        cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_series_firmware Affected: 5.0.0 , ≤ 5.36 (custom)
        cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50\/w\/_series_firmware Affected: 5.10 , ≤ 5.36 (custom)
        cpe:2.3:o:zyxel:usg_flex_50\/w\/_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "atp_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50\\/w\\/_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_50\\/w\\/_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "atp_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T19:08:51.946121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:14:46.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions\u0026nbsp;5.00 through 5.36,\u0026nbsp; USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled."
                }
              ],
              "value": "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions\u00a05.00 through 5.36,\u00a0 USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T16:59:45.258Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-28767",
        "datePublished": "2023-07-17T16:59:45.258Z",
        "dateReserved": "2023-03-23T10:34:20.987Z",
        "dateUpdated": "2024-11-07T19:14:46.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30526 (GCVE-0-2022-30526)

    Vulnerability from nvd – Published: 2022-07-19 05:45 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG FLEX 100(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 200 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 700 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.30"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 50(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG 20(W)-VPN firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.09 through 4.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-31T18:06:17.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-30526",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG FLEX 100(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 200 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 700 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.30 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 50(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG 20(W)-VPN firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.09 through 4.72"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.8",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269: Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-30526",
        "datePublished": "2022-07-19T05:45:14.000Z",
        "dateReserved": "2022-05-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2030 (GCVE-0-2022-2030)

    Vulnerability from nvd – Published: 2022-07-19 05:55 – Updated: 2024-08-03 00:24
    VLAI
    Summary
    A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG FLEX 100(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 200 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 700 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.30"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 50(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG 20(W)-VPN firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.11 through 4.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T05:55:11.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-2030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG FLEX 100(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 200 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 700 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.30 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 50(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG 20(W)-VPN firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.11 through 4.72"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-2030",
        "datePublished": "2022-07-19T05:55:11.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26532 (GCVE-0-2022-26532)

    Vulnerability from nvd – Published: 2022-05-24 05:20 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              },
              {
                "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.09 through 4.71"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.21"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.21"
                }
              ]
            },
            {
              "product": "NSG series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00 through 1.33 Patch 4"
                }
              ]
            },
            {
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.10(AAIG.3)"
                }
              ]
            },
            {
              "product": "NAP203 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABFA.7)"
                }
              ]
            },
            {
              "product": "NWA50AX firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABYW.5)"
                }
              ]
            },
            {
              "product": "WAC500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABVS.2)"
                }
              ]
            },
            {
              "product": "WAX510D firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABTF.2)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A argument injection vulnerability in the \u0027packet-trace\u0027 CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-19T18:06:10.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            },
            {
              "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-26532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.09 through 4.71"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.30 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NSG series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.00 through 1.33 Patch 4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NXC2500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.10(AAIG.3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NAP203 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.25(ABFA.7)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NWA50AX firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.25(ABYW.5)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WAC500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.30(ABVS.2)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WAX510D firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.30(ABTF.2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A argument injection vulnerability in the \u0027packet-trace\u0027 CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.8",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
                },
                {
                  "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-26532",
        "datePublished": "2022-05-24T05:20:09.000Z",
        "dateReserved": "2022-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26531 (GCVE-0-2022-26531)

    Vulnerability from nvd – Published: 2022-05-24 00:00 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:33.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              },
              {
                "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.09 through 4.71"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.21"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.21"
                }
              ]
            },
            {
              "product": "NSG series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00 through 1.33 Patch 4"
                }
              ]
            },
            {
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.10(AAIG.3)"
                }
              ]
            },
            {
              "product": "NAP203 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABFA.7)"
                }
              ]
            },
            {
              "product": "NWA50AX firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABYW.5)"
                }
              ]
            },
            {
              "product": "WAC500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABVS.2)"
                }
              ]
            },
            {
              "product": "WAX510D firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABTF.2)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T18:05:56.732Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            },
            {
              "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
            },
            {
              "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-26531",
        "datePublished": "2022-05-24T00:00:00.000Z",
        "dateReserved": "2022-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:33.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0910 (GCVE-0-2022-0910)

    Vulnerability from nvd – Published: 2022-05-24 02:20 – Updated: 2024-08-02 23:47
    VLAI
    Summary
    A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 4.71"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.21"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-24T02:20:13.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-0910",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 4.71"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-0910",
        "datePublished": "2022-05-24T02:20:13.000Z",
        "dateReserved": "2022-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0734 (GCVE-0-2022-0734)

    Vulnerability from nvd – Published: 2022-05-24 02:10 – Updated: 2024-08-02 23:40
    VLAI
    Summary
    A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.35 through 4.70"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.20"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.35 through 5.20"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.35 through 5.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user\u0027s browser, such as cookies or session tokens, via a malicious script."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-24T02:10:12.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-0734",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.35 through 4.70"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.35 through 5.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.35 through 5.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user\u0027s browser, such as cookies or session tokens, via a malicious script."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-0734",
        "datePublished": "2022-05-24T02:10:12.000Z",
        "dateReserved": "2022-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9129 (GCVE-0-2018-9129)

    Vulnerability from nvd – Published: 2018-08-15 18:00 – Updated: 2024-08-05 07:17
    VLAI
    Summary
    ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:51.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-15T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-9129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html",
                  "refsource": "MISC",
                  "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html"
                },
                {
                  "name": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf"
                },
                {
                  "name": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-9129",
        "datePublished": "2018-08-15T18:00:00.000Z",
        "dateReserved": "2018-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:51.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34141 (GCVE-0-2023-34141)

    Vulnerability from cvelistv5 – Published: 2023-07-17 17:56 – Updated: 2024-10-29 16:06
    VLAI
    Summary
    A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel NXC2500 firmware Affected: 6.10(AAIG.0) through 6.10(AAIG.3)
    Create a notification for this product.
    Zyxel NXC5500 firmware Affected: 6.10(AAOS.0) through 6.10(AAOS.4)
    Create a notification for this product.
    zyxel atp Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50w_firmware Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg20w-vpn_firmware Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel vpn_firmware Affected: 5.00 , ≤ 5.36_patch-2 (custom)
        cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nxc2500_firmware Affected: 6.10(AAIG.0) , ≤ 6.10(AAIG.3) (custom)
        cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nxc5500_firmware Affected: 6.10(AAOS.0) , ≤ 6.10(AAOS.4) (custom)
        cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:53.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zyxel:atp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "atp",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zyxel:usg_flex:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex_50w_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg20w-vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch-2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nxc2500_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nxc2500_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10(AAIG.3)",
                    "status": "affected",
                    "version": "6.10(AAIG.0)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nxc5500_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nxc5500_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.10(AAOS.4)",
                    "status": "affected",
                    "version": "6.10(AAOS.0)",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T15:54:42.546431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T16:06:41.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.10(AAIG.0) through 6.10(AAIG.3)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC5500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": " 6.10(AAOS.0) through 6.10(AAOS.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
                }
              ],
              "value": "A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:56:26.818Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34141",
        "datePublished": "2023-07-17T17:56:26.818Z",
        "dateReserved": "2023-05-26T03:44:51.339Z",
        "dateUpdated": "2024-10-29T16:06:41.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34140 (GCVE-0-2023-34140)

    Vulnerability from cvelistv5 – Published: 2023-07-17 17:49 – Updated: 2024-10-21 19:42
    VLAI
    Summary
    A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T19:17:36.859068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T19:42:15.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.10(AAIG.0) through 6.10(AAIG.3)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NXC5500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.10(AAOS.0) through 6.10(AAOS.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u0026nbsp;NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
                }
              ],
              "value": "A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2,\u00a0NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:49:38.175Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34140",
        "datePublished": "2023-07-17T17:49:38.175Z",
        "dateReserved": "2023-05-26T03:44:51.339Z",
        "dateUpdated": "2024-10-21T19:42:15.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34139 (GCVE-0-2023-34139)

    Vulnerability from cvelistv5 – Published: 2023-07-17 17:36 – Updated: 2024-10-29 16:19
    VLAI
    Summary
    A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel USG FLEX series firmware Affected: 4.50 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 4.20 through 5.36 Patch 2
    Create a notification for this product.
    zyxel usg_flex_firmware Affected: 4.50 , ≤ 5.36_Patch-2 (custom)
        cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel vpn_firmware Affected: 4.20 , ≤ 5.36_Patch-2 (custom)
        cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_Patch-2",
                    "status": "affected",
                    "version": "4.50",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_Patch-2",
                    "status": "affected",
                    "version": "4.20",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T16:18:52.786892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T16:19:03.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.20 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2,\u0026nbsp;could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device."
                }
              ],
              "value": "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2,\u00a0could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T01:16:42.677Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34139",
        "datePublished": "2023-07-17T17:36:32.909Z",
        "dateReserved": "2023-05-26T03:44:51.339Z",
        "dateUpdated": "2024-10-29T16:19:03.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34138 (GCVE-0-2023-34138)

    Vulnerability from cvelistv5 – Published: 2023-07-17 17:31 – Updated: 2024-10-30 18:02
    VLAI
    Summary
    A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 4.60 through 5.36 Patch 2
    Create a notification for this product.
    zyxel atp_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50w_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg20w-vpn_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel vpn_firmware Affected: 4.60 , ≤ 5.36 Patch 2 (custom)
        cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "atp_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg_flex_50w_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "usg20w-vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36 Patch 2",
                    "status": "affected",
                    "version": "4.60",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-30T17:59:03.869372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T18:02:28.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.60 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance."
                }
              ],
              "value": "A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T18:01:33.075Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-34138",
        "datePublished": "2023-07-17T17:31:40.719Z",
        "dateReserved": "2023-05-26T03:44:51.338Z",
        "dateUpdated": "2024-10-30T18:02:28.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33012 (GCVE-0-2023-33012)

    Vulnerability from cvelistv5 – Published: 2023-07-17 17:23 – Updated: 2025-03-05 18:48
    VLAI
    Summary
    A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:36:32.109342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:48:53.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:32:46.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2,\u0026nbsp;could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled."
                }
              ],
              "value": "A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2,\u00a0could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:23:26.370Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-33012",
        "datePublished": "2023-07-17T17:23:26.370Z",
        "dateReserved": "2023-05-17T02:56:16.623Z",
        "dateUpdated": "2025-03-05T18:48:53.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33011 (GCVE-0-2023-33011)

    Vulnerability from cvelistv5 – Published: 2023-07-17 17:15 – Updated: 2024-11-07 19:08
    VLAI
    Summary
    A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 5.10 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 5.10 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 5.10 through 5.36 Patch 2
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 5.00 through 5.36 Patch 2
    Create a notification for this product.
    zyxel vpn_series_firmware Affected: 5.00 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:vpn_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel atp100_firmware Affected: 5.10 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_series_firmware Affected: 5.0.0 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50\/w\/_series_firmware Affected: 5.10 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:usg_flex_50\/w\/_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg20w-vpn_firmware Affected: 5.10 , ≤ 5.36_patch_2 (custom)
        cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:32:46.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vpn_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vpn_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.00",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "atp100_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50\\/w\\/_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_50\\/w\\/_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg20w-vpn_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36_patch_2",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:57:20.597639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:08:01.595Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36 Patch 2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled."
                }
              ],
              "value": "A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T17:15:45.876Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-33011",
        "datePublished": "2023-07-17T17:15:45.876Z",
        "dateReserved": "2023-05-17T02:56:16.623Z",
        "dateUpdated": "2024-11-07T19:08:01.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28767 (GCVE-0-2023-28767)

    Vulnerability from cvelistv5 – Published: 2023-07-17 16:59 – Updated: 2024-11-07 19:14
    VLAI
    Summary
    The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel ATP series firmware Affected: 5.10 through 5.36
    Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: 5.00 through 5.36
    Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: 5.10 through 5.36
    Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: 5.10 through 5.36
    Create a notification for this product.
    Zyxel VPN series firmware Affected: 5.00 through 5.36
    Create a notification for this product.
    zyxel atp_series_firmware Affected: 5.10 , ≤ 5.36 (custom)
        cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_series_firmware Affected: 5.0.0 , ≤ 5.36 (custom)
        cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel usg_flex_50\/w\/_series_firmware Affected: 5.10 , ≤ 5.36 (custom)
        cpe:2.3:o:zyxel:usg_flex_50\/w\/_series_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "atp_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_50\\/w\\/_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_50\\/w\\/_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:usg_flex_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usg_flex_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:atp_series_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "atp_series_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.36",
                    "status": "affected",
                    "version": "5.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T19:08:51.946121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:14:46.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG FLEX 50(W) series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "USG20(W)-VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.10 through 5.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00 through 5.36"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions\u0026nbsp;5.00 through 5.36,\u0026nbsp; USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled."
                }
              ],
              "value": "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions\u00a05.00 through 5.36,\u00a0 USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-17T16:59:45.258Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2023-28767",
        "datePublished": "2023-07-17T16:59:45.258Z",
        "dateReserved": "2023-03-23T10:34:20.987Z",
        "dateUpdated": "2024-11-07T19:14:46.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2030 (GCVE-0-2022-2030)

    Vulnerability from cvelistv5 – Published: 2022-07-19 05:55 – Updated: 2024-08-03 00:24
    VLAI
    Summary
    A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG FLEX 100(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 200 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 700 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.30"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 50(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG 20(W)-VPN firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.11 through 4.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T05:55:11.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-2030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG FLEX 100(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 200 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 700 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.30 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 50(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG 20(W)-VPN firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.11 through 4.72"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-2030",
        "datePublished": "2022-07-19T05:55:11.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30526 (GCVE-0-2022-30526)

    Vulnerability from cvelistv5 – Published: 2022-07-19 05:45 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG FLEX 100(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 200 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 700 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.30"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.30"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.30"
                }
              ]
            },
            {
              "product": "USG FLEX 50(W) firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG 20(W)-VPN firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.16 through 5.30"
                }
              ]
            },
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.09 through 4.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-31T18:06:17.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-30526",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG FLEX 100(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 200 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 700 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.30 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX 50(W) firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG 20(W)-VPN firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.16 through 5.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.09 through 4.72"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.8",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269: Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-30526",
        "datePublished": "2022-07-19T05:45:14.000Z",
        "dateReserved": "2022-05-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26532 (GCVE-0-2022-26532)

    Vulnerability from cvelistv5 – Published: 2022-05-24 05:20 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              },
              {
                "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.09 through 4.71"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.21"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.21"
                }
              ]
            },
            {
              "product": "NSG series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00 through 1.33 Patch 4"
                }
              ]
            },
            {
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.10(AAIG.3)"
                }
              ]
            },
            {
              "product": "NAP203 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABFA.7)"
                }
              ]
            },
            {
              "product": "NWA50AX firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABYW.5)"
                }
              ]
            },
            {
              "product": "WAC500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABVS.2)"
                }
              ]
            },
            {
              "product": "WAX510D firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABTF.2)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A argument injection vulnerability in the \u0027packet-trace\u0027 CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-19T18:06:10.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            },
            {
              "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-26532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.09 through 4.71"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.30 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NSG series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.00 through 1.33 Patch 4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NXC2500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.10(AAIG.3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NAP203 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.25(ABFA.7)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "NWA50AX firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.25(ABYW.5)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WAC500 firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.30(ABVS.2)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WAX510D firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 6.30(ABTF.2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A argument injection vulnerability in the \u0027packet-trace\u0027 CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.8",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
                },
                {
                  "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
                },
                {
                  "name": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-26532",
        "datePublished": "2022-05-24T05:20:09.000Z",
        "dateReserved": "2022-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0910 (GCVE-0-2022-0910)

    Vulnerability from cvelistv5 – Published: 2022-05-24 02:20 – Updated: 2024-08-02 23:47
    VLAI
    Summary
    A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 4.71"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.21"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-24T02:20:13.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-0910",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 4.71"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.32 through 5.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-0910",
        "datePublished": "2022-05-24T02:20:13.000Z",
        "dateReserved": "2022-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0734 (GCVE-0-2022-0734)

    Vulnerability from cvelistv5 – Published: 2022-05-24 02:10 – Updated: 2024-08-02 23:40
    VLAI
    Summary
    A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.35 through 4.70"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.20"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.35 through 5.20"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.35 through 5.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user\u0027s browser, such as cookies or session tokens, via a malicious script."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-24T02:10:12.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2022-0734",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "USG/ZyWALL series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.35 through 4.70"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "USG FLEX series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.50 through 5.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ATP series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.35 through 5.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN series firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.35 through 5.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user\u0027s browser, such as cookies or session tokens, via a malicious script."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-0734",
        "datePublished": "2022-05-24T02:10:12.000Z",
        "dateReserved": "2022-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26531 (GCVE-0-2022-26531)

    Vulnerability from cvelistv5 – Published: 2022-05-24 00:00 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:33.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
              },
              {
                "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "USG/ZyWALL series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.09 through 4.71"
                }
              ]
            },
            {
              "product": "USG FLEX series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.50 through 5.21"
                }
              ]
            },
            {
              "product": "ATP series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32 through 5.21"
                }
              ]
            },
            {
              "product": "VPN series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.30 through 5.21"
                }
              ]
            },
            {
              "product": "NSG series firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00 through 1.33 Patch 4"
                }
              ]
            },
            {
              "product": "NXC2500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.10(AAIG.3)"
                }
              ]
            },
            {
              "product": "NAP203 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABFA.7)"
                }
              ]
            },
            {
              "product": "NWA50AX firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.25(ABYW.5)"
                }
              ]
            },
            {
              "product": "WAC500 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABVS.2)"
                }
              ]
            },
            {
              "product": "WAX510D firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 6.30(ABTF.2)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T18:05:56.732Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"
            },
            {
              "name": "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/15"
            },
            {
              "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-26531",
        "datePublished": "2022-05-24T00:00:00.000Z",
        "dateReserved": "2022-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:33.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9129 (GCVE-0-2018-9129)

    Vulnerability from cvelistv5 – Published: 2018-08-15 18:00 – Updated: 2024-08-05 07:17
    VLAI
    Summary
    ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:51.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-15T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-9129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html",
                  "refsource": "MISC",
                  "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html"
                },
                {
                  "name": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf"
                },
                {
                  "name": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-9129",
        "datePublished": "2018-08-15T18:00:00.000Z",
        "dateReserved": "2018-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:51.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }