5.5

CVE-2023-35136

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Data is provided by the National Vulnerability Database (NVD)
ZyxelZld Version >= 4.32 <= 5.37
   ZyxelAtp100 Version-
   ZyxelAtp100w Version-
   ZyxelAtp200 Version-
   ZyxelAtp500 Version-
   ZyxelAtp700 Version-
   ZyxelAtp800 Version-
ZyxelZld Version >= 4.50 <= 5.37
   ZyxelUsg Flex 100 Version-
   ZyxelUsg Flex 100w Version-
   ZyxelUsg Flex 200 Version-
   ZyxelUsg Flex 50 Version-
   ZyxelUsg Flex 500 Version-
   ZyxelUsg Flex 50w Version-
   ZyxelUsg Flex 700 Version-
ZyxelZld Version >= 4.16 <= 5.37
   ZyxelUsg 20w-vpn Version-
   ZyxelVpn50w Version-
ZyxelZld Version >= 4.30 <= 5.37
   ZyxelVpn100 Version-
   ZyxelVpn1000 Version-
   ZyxelVpn300 Version-
   ZyxelVpn50 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.256
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@zyxel.com.tw 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.