CVE-2023-5797

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*
OR cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*
OR cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*
OR cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*
OR cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*

History

04 Dec 2023, 18:01

Type Values Removed Values Added
CPE cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*
References () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory
First Time Zyxel nwa90ax Firmware
Zyxel nwa90ax-pro Firmware
Zyxel atp500
Zyxel
Zyxel wax650s
Zyxel usg Flex 100
Zyxel vpn1000
Zyxel nwa90ax
Zyxel wbe660s
Zyxel vpn50w
Zyxel wax650s Firmware
Zyxel wax640s-6e Firmware
Zyxel wax610d
Zyxel atp200
Zyxel wax655e
Zyxel nwa210ax Firmware
Zyxel nwa50ax
Zyxel nwa110ax
Zyxel wac500
Zyxel wac500h Firmware
Zyxel nwa50ax-pro
Zyxel wax620d-6e Firmware
Zyxel nwa210ax
Zyxel nwa1123acv3 Firmware
Zyxel nwa55axe Firmware
Zyxel nwa110ax Firmware
Zyxel usg Flex 200
Zyxel zld
Zyxel nwa50ax-pro Firmware
Zyxel wac500 Firmware
Zyxel usg Flex 50
Zyxel wbe660s Firmware
Zyxel atp800
Zyxel nwa55axe
Zyxel nwa220ax-6e
Zyxel wax655e Firmware
Zyxel wax640s-6e
Zyxel atp100w
Zyxel nwa50ax Firmware
Zyxel wax630s Firmware
Zyxel atp700
Zyxel vpn100
Zyxel atp100
Zyxel wax510d
Zyxel nwa1123acv3
Zyxel vpn50
Zyxel usg Flex 100w
Zyxel wax510d Firmware
Zyxel wax610d Firmware
Zyxel usg Flex 500
Zyxel nwa90ax-pro
Zyxel usg 20w-vpn
Zyxel usg Flex 50w
Zyxel nwa220ax-6e Firmware
Zyxel wac500h
Zyxel vpn300
Zyxel wax620d-6e
Zyxel usg Flex 700
Zyxel wax630s

28 Nov 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-28 03:15

Updated : 2023-12-10 15:26


NVD link : CVE-2023-5797

Mitre link : CVE-2023-5797

CVE.ORG link : CVE-2023-5797


JSON object : View

Products Affected

zyxel

  • wax620d-6e
  • usg_flex_700
  • wac500h
  • wax620d-6e_firmware
  • nwa50ax_firmware
  • atp200
  • usg_flex_100
  • vpn50
  • atp100
  • wac500h_firmware
  • wax510d_firmware
  • wax630s_firmware
  • wax640s-6e
  • nwa210ax
  • usg_20w-vpn
  • nwa50ax-pro
  • wbe660s
  • vpn300
  • vpn1000
  • nwa220ax-6e_firmware
  • wax510d
  • nwa210ax_firmware
  • wax610d_firmware
  • atp700
  • wax655e_firmware
  • zld
  • vpn50w
  • nwa1123acv3
  • usg_flex_100w
  • nwa55axe
  • nwa90ax-pro
  • wac500_firmware
  • nwa110ax_firmware
  • nwa50ax-pro_firmware
  • vpn100
  • wbe660s_firmware
  • nwa90ax-pro_firmware
  • nwa110ax
  • nwa1123acv3_firmware
  • wax610d
  • usg_flex_500
  • atp500
  • nwa220ax-6e
  • usg_flex_50
  • nwa50ax
  • nwa90ax
  • wax630s
  • wax650s_firmware
  • wax640s-6e_firmware
  • atp100w
  • wax650s
  • nwa55axe_firmware
  • usg_flex_200
  • usg_flex_50w
  • nwa90ax_firmware
  • wax655e
  • wac500
  • atp800
CWE
CWE-269

Improper Privilege Management