HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-34141

CVSS 8.0v3.1pub. 2023-07-17upd. 2024-11-21

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Zyxel Nxc2500

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Nxc2500 Firmware

    OS
    Zyxel
    6.10\(aaig.0\) – 6.10\(aaig.3\)
  • Zyxel Nxc5500

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Nxc5500 Firmware

    OS
    Zyxel
    6.10\(aaos.0\) – 6.10\(aaos.4\)
  • Zyxel Usg 20w Vpn

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg 20w Vpn Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg 2200 Vpn

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg 2200 Vpn Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 100

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 100 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 100w

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 100w Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 200

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 200 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 50

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 500

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 500 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 50 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 50w

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 50w Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Usg Flex 700

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Usg Flex 700 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Zywall Atp100

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Zywall Atp100 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Zywall Atp100w

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Zywall Atp100w Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Zywall Atp200

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Zywall Atp200 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
  • Zyxel Zywall Atp500

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Zywall Atp500 Firmware

    OS
    Zyxel
    5.00 – 5.37 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
VPNCommand Injection
CWE
References

Related vulnerabilities

CVE-2023-33009CRITICAL9.8⚠ KEVten sam produkt

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 throug...

CVE-2023-33010CRITICAL9.8⚠ KEVten sam produkt

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 throu...

CVE-2023-28771CRITICAL9.8⚠ KEVten sam produkt

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series fir...

CVE-2022-30525CRITICAL9.8⚠ KEVten sam produkt

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 throug...

CVE-2020-29583CRITICAL9.8⚠ KEVten sam produkt

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable passw...