A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
04 May 2023, 13:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CWE | CWE-77 | |
CPE | cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* |
|
First Time |
Zyxel usg Flex 700
Zyxel vpn300 Zyxel vpn1000 Zyxel vpn1000 Firmware Zyxel vpn50 Firmware Zyxel usg Flex 50w Firmware Zyxel usg Flex 200 Firmware Zyxel vpn100 Zyxel vpn50 Zyxel vpn100 Firmware Zyxel Zyxel vpn300 Firmware Zyxel usg Flex 100w Zyxel usg Flex 200 Zyxel usg Flex 50 Zyxel usg Flex 50 Firmware Zyxel usg Flex 50w Zyxel usg Flex 500 Firmware Zyxel usg Flex 100w Firmware Zyxel usg Flex 500 Zyxel usg Flex 700 Firmware Zyxel usg Flex 100 Zyxel usg Flex 100 Firmware |
|
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps - Vendor Advisory |
24 Apr 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-22913
Mitre link : CVE-2023-22913
CVE.ORG link : CVE-2023-22913
JSON object : View
Products Affected
zyxel
- usg_flex_100_firmware
- vpn100_firmware
- usg_flex_200
- usg_flex_50
- usg_flex_100
- usg_flex_50w_firmware
- usg_flex_700_firmware
- usg_flex_700
- vpn1000
- vpn50
- usg_flex_100w_firmware
- vpn100
- usg_flex_500
- vpn300
- vpn50_firmware
- usg_flex_50w
- usg_flex_500_firmware
- vpn1000_firmware
- vpn300_firmware
- usg_flex_200_firmware
- usg_flex_100w
- usg_flex_50_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')