CVE-2023-37925

{"id": "CVE-2023-37925", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-11-28T02:15:42.547", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en el comando CLI de depuraci\u00f3n de las versiones de firmware: \nserie Zyxel ATP 4.32 a 5.37, \nserie USG FLEX 4.50 a 5.37, \nserie USG FLEX 50(W) 4.16 a 5.37, \nserie USG20(W)-VPN 4.16 a 5.37, \nserie VPN 4.30 a 5.37,\nNWA50AX 6.29 (ABYW.2), \nWAC500 6.65 (ABVS.1), \nWAX300H 6.60 (ACHF.1) y\nWBE660S 6.65 ( ACGG.1).\nPodr\u00eda permitir que un atacante local autenticado acceda a los archivos del sistema en un dispositivo afectado."}], "lastModified": "2023-12-04T18:09:07.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18", "versionEndIncluding": "5.37", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"}, {"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"}, {"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"}, {"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"}, {"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"}, {"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0", "versionEndIncluding": "5.37", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD", "versionEndIncluding": "5.37", "versionStartIncluding": "4.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"}, {"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625", "versionEndIncluding": "5.37", "versionStartIncluding": "4.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"}, {"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"}, {"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"}, {"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF", "versionEndExcluding": "6.70\\(abtg.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC", "versionEndExcluding": "6.70\\(abvt.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427", "versionEndExcluding": "6.70\\(abtd.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B", "versionEndExcluding": "6.70\\(acco.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B", "versionEndExcluding": "6.80\\(abyw.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9", "versionEndExcluding": "6.80\\(acge.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7", "versionEndExcluding": "6.80\\(abzl.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7", "versionEndExcluding": "6.80\\(accv.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477", "versionEndExcluding": "6.80\\(acgf.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1", "versionEndExcluding": "6.70\\(abvs.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335", "versionEndExcluding": "6.70\\(abwa.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82", "versionEndExcluding": "6.70\\(abtf.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64", "versionEndExcluding": "6.70\\(abte.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7", "versionEndExcluding": "6.70\\(accn.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814", "versionEndExcluding": "6.70\\(abzd.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2", "versionEndExcluding": "6.70\\(accm.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22", "versionEndExcluding": "6.70\\(abrm.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4", "versionEndExcluding": "6.70\\(acdo.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932", "versionEndExcluding": "6.70\\(acgg.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}