5.5
CVE-2023-5650
- EPSS 0.02%
- Veröffentlicht 28.11.2023 02:15:43
- Zuletzt bearbeitet 21.11.2024 08:42:11
- Quelle security@zyxel.com.tw
- Teams Watchlist Login
- Unerledigt Login
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Zld Version >= 4.50 <= 5.37
Zyxel ≫ Usg Flex 100 Version-
Zyxel ≫ Usg Flex 100w Version-
Zyxel ≫ Usg Flex 200 Version-
Zyxel ≫ Usg Flex 50 Version-
Zyxel ≫ Usg Flex 500 Version-
Zyxel ≫ Usg Flex 50w Version-
Zyxel ≫ Usg Flex 700 Version-
Zyxel ≫ Usg Flex 100w Version-
Zyxel ≫ Usg Flex 200 Version-
Zyxel ≫ Usg Flex 50 Version-
Zyxel ≫ Usg Flex 500 Version-
Zyxel ≫ Usg Flex 50w Version-
Zyxel ≫ Usg Flex 700 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.