The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
History
04 May 2023, 19:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zyxel usg Flex 700
Zyxel vpn1000 Zyxel atp200 Zyxel atp500 Zyxel vpn1000 Firmware Zyxel vpn50 Firmware Zyxel usg Flex 50w Firmware Zyxel usg Flex 200 Firmware Zyxel vpn100 Zyxel atp200 Firmware Zyxel vpn50 Zyxel atp100w Zyxel usg 20w-vpn Firmware Zyxel vpn300 Firmware Zyxel usg Flex 200 Zyxel usg Flex 50 Zyxel atp500 Firmware Zyxel usg Flex 50w Zyxel atp800 Zyxel usg Flex 700 Firmware Zyxel atp700 Zyxel usg Flex 100 Zyxel vpn300 Zyxel atp700 Firmware Zyxel atp100w Firmware Zyxel atp100 Zyxel vpn100 Firmware Zyxel atp800 Firmware Zyxel usg Flex 100w Zyxel usg 20w-vpn Zyxel usg Flex 500 Firmware Zyxel usg Flex 50 Firmware Zyxel usg Flex 100w Firmware Zyxel usg Flex 500 Zyxel Zyxel atp100 Firmware Zyxel usg Flex 100 Firmware |
|
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-apsĀ - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* |
24 Apr 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-22916
Mitre link : CVE-2023-22916
CVE.ORG link : CVE-2023-22916
JSON object : View
Products Affected
zyxel
- usg_flex_50_firmware
- atp200
- vpn1000_firmware
- atp100w_firmware
- usg_flex_50w
- vpn100_firmware
- usg_flex_100w
- usg_flex_100_firmware
- usg_flex_700
- vpn50
- atp200_firmware
- usg_flex_500_firmware
- vpn300
- atp800_firmware
- vpn300_firmware
- atp100_firmware
- atp100
- vpn1000
- atp500_firmware
- usg_flex_200
- atp800
- atp700_firmware
- atp700
- usg_flex_200_firmware
- usg_flex_50w_firmware
- usg_flex_50
- atp100w
- atp500
- usg_20w-vpn
- usg_flex_700_firmware
- vpn50_firmware
- usg_flex_100
- vpn100
- usg_flex_500
- usg_flex_100w_firmware
- usg_20w-vpn_firmware
CWE