The configuration parser of Zyxel ATP series firmware versions 5.10 up to and including 5.35, USG FLEX series firmware versions 5.00 up to and including 5.35, USG FLEX 50(W) firmware versions 5.10 up to and including 5.35, USG20(W)-VPN firmware versions 5.10 up to and including 5.35, and VPN series firmware versions 5.00 up to and including 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zyxel usg_flex_100_firmware |
||
zyxel usg_flex_100w_firmware |
||
zyxel usg_flex_200_firmware |
||
zyxel usg_flex_50_firmware |
||
zyxel usg_flex_50w_firmware |
||
zyxel usg_flex_500_firmware |
||
zyxel usg_flex_700_firmware |
||
zyxel vpn100_firmware |
||
zyxel vpn1000_firmware |
||
zyxel vpn300_firmware |
||
zyxel vpn50_firmware |
||
zyxel usg_20w-vpn_firmware |
||
zyxel atp100_firmware |
||
zyxel atp100w_firmware |
||
zyxel atp200_firmware |
||
zyxel atp500_firmware |
||
zyxel atp700_firmware |
||
zyxel atp800_firmware |
Vulmon