8

CVE-2023-34141

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,  USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

Data is provided by the National Vulnerability Database (NVD)
ZyxelUsg 20w-vpn Firmware Version >= 5.00 < 5.37
   ZyxelUsg 20w-vpn Version-
ZyxelUsg 2200-vpn Firmware Version >= 5.00 < 5.37
   ZyxelUsg 2200-vpn Version-
ZyxelUsg Flex 100 Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 100 Version-
ZyxelUsg Flex 100w Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 100w Version-
ZyxelUsg Flex 200 Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 200 Version-
ZyxelUsg Flex 50 Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 50 Version-
ZyxelUsg Flex 500 Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 500 Version-
ZyxelUsg Flex 50w Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 50w Version-
ZyxelUsg Flex 700 Firmware Version >= 5.00 < 5.37
   ZyxelUsg Flex 700 Version-
ZyxelZywall Atp100 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Atp100 Version-
ZyxelZywall Atp100w Firmware Version >= 5.00 < 5.37
   ZyxelZywall Atp100w Version-
ZyxelZywall Atp200 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Atp200 Version-
ZyxelZywall Atp500 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Atp500 Version-
ZyxelZywall Atp700 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Atp700 Version-
ZyxelZywall Atp800 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Atp800 Version-
ZyxelZywall Vpn100 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn100 Version-
ZyxelZywall Vpn2s Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn2s Version-
ZyxelZywall Vpn300 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn300 Version-
ZyxelZywall Vpn50 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn50 Version-
ZyxelZywall Vpn 100 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn 100 Version-
ZyxelZywall Vpn 300 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn 300 Version-
ZyxelZywall Vpn 50 Firmware Version >= 5.00 < 5.37
   ZyxelZywall Vpn 50 Version-
ZyxelNxc2500 Firmware Version >= 6.10\(aaig.0\) <= 6.10\(aaig.3\)
   ZyxelNxc2500 Version-
ZyxelNxc5500 Firmware Version >= 6.10\(aaos.0\) <= 6.10\(aaos.4\)
   ZyxelNxc5500 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.311
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@zyxel.com.tw 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.