Published: 24/04/2023 Updated: 13/06/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 up to and including 5.35, USG FLEX series firmware versions 4.50 up to and including 5.35, USG FLEX 50(W) firmware versions 4.16 up to and including 5.35, USG20(W)-VPN firmware versions 4.16 up to and including 5.35, and VPN series firmware versions 4.30 up to and including 5.35, which could allow an authenticated malicious user to execute some OS commands remotely.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zyxel atp200_firmware
zyxel atp100_firmware
zyxel atp700_firmware
zyxel atp500_firmware
zyxel atp100w_firmware
zyxel atp800_firmware
zyxel usg_flex_100_firmware
zyxel usg_flex_50_firmware
zyxel usg_flex_200_firmware
zyxel usg_flex_500_firmware
zyxel usg_flex_700_firmware
zyxel usg_flex_100w_firmware
zyxel usg_20w-vpn_firmware
zyxel usg_flex_50w_firmware
zyxel usg20-vpn_firmware
zyxel vpn100_firmware
zyxel vpn1000_firmware
zyxel vpn300_firmware
zyxel vpn50_firmware

CWE-78 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-27991

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect