8.8
CVE-2023-33011
- EPSS 0.12%
- Published 17.07.2023 18:15:09
- Last modified 21.11.2024 08:04:24
- Source security@zyxel.com.tw
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
Data provided by the National Vulnerability Database (NVD)
Zyxel ≫ Usg 2200-vpn Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 100 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 100w Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 200 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 50 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 500 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 50w Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg Flex 700 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn100 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn2s Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn300 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn50 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn 100 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn 300 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Zywall Vpn 50 Firmware Version >= 5.00 < 5.37
Zyxel ≫ Usg 20w-vpn Firmware Version >= 5.10 < 5.37
Zyxel ≫ Zywall Atp100 Firmware Version >= 5.10 < 5.37
Zyxel ≫ Zywall Atp100w Firmware Version >= 5.10 < 5.37
Zyxel ≫ Zywall Atp200 Firmware Version >= 5.10 < 5.37
Zyxel ≫ Zywall Atp500 Firmware Version >= 5.10 < 5.37
Zyxel ≫ Zywall Atp700 Firmware Version >= 5.10 < 5.37
Zyxel ≫ Zywall Atp800 Firmware Version >= 5.10 < 5.37
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.316 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
security@zyxel.com.tw | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.