A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
04 May 2023, 14:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-22 | |
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps - Vendor Advisory | |
First Time |
Zyxel usg Flex 700
Zyxel vpn300 Zyxel vpn1000 Zyxel vpn1000 Firmware Zyxel vpn50 Firmware Zyxel usg Flex 50w Firmware Zyxel usg Flex 200 Firmware Zyxel vpn100 Zyxel vpn50 Zyxel vpn100 Firmware Zyxel Zyxel vpn300 Firmware Zyxel usg Flex 100w Zyxel usg Flex 200 Zyxel usg Flex 50 Zyxel usg Flex 50 Firmware Zyxel usg Flex 50w Zyxel usg Flex 500 Firmware Zyxel usg Flex 100w Firmware Zyxel usg Flex 500 Zyxel usg Flex 700 Firmware Zyxel usg Flex 100 Zyxel usg Flex 100 Firmware |
24 Apr 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-22914
Mitre link : CVE-2023-22914
CVE.ORG link : CVE-2023-22914
JSON object : View
Products Affected
zyxel
- vpn300
- usg_flex_100w_firmware
- usg_flex_500
- vpn50_firmware
- usg_flex_50w_firmware
- usg_flex_200
- usg_flex_50_firmware
- usg_flex_100_firmware
- usg_flex_50
- usg_flex_100
- vpn50
- usg_flex_50w
- usg_flex_700_firmware
- usg_flex_500_firmware
- vpn100_firmware
- vpn1000_firmware
- vpn1000
- vpn100
- vpn300_firmware
- usg_flex_700
- usg_flex_200_firmware
- usg_flex_100w
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')