The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 up to and including 5.36, USG FLEX series firmware versions 5.00 up to and including 5.36, USG FLEX 50(W) series firmware versions 5.10 up to and including 5.36, USG20(W)-VPN series firmware versions 5.10 up to and including 5.36, and VPN series firmware versions 5.00 up to and including 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
Vulnerable Product |
---|
zyxel usg 2200-vpn firmware |
zyxel usg flex 100 firmware |
zyxel usg flex 100w firmware |
zyxel usg flex 200 firmware |
zyxel usg flex 50 firmware |
zyxel usg flex 500 firmware |
zyxel usg flex 50w firmware |
zyxel usg flex 700 firmware |
zyxel zywall vpn100 firmware |
zyxel zywall vpn2s firmware |
zyxel zywall vpn300 firmware |
zyxel zywall vpn50 firmware |
zyxel zywall vpn 100 firmware |
zyxel zywall vpn 300 firmware |
zyxel zywall vpn 50 firmware |
zyxel usg 20w-vpn firmware |
zyxel zywall atp100 firmware |
zyxel zywall atp100w firmware |
zyxel zywall atp200 firmware |
zyxel zywall atp500 firmware |
zyxel zywall atp700 firmware |
zyxel zywall atp800 firmware |