5.5

CVE-2023-5650

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.

Data is provided by the National Vulnerability Database (NVD)
ZyxelZld Version >= 4.32 <= 5.37
   ZyxelAtp100 Version-
   ZyxelAtp100w Version-
   ZyxelAtp200 Version-
   ZyxelAtp500 Version-
   ZyxelAtp700 Version-
   ZyxelAtp800 Version-
ZyxelZld Version >= 4.50 <= 5.37
   ZyxelUsg Flex 100 Version-
   ZyxelUsg Flex 100w Version-
   ZyxelUsg Flex 200 Version-
   ZyxelUsg Flex 50 Version-
   ZyxelUsg Flex 500 Version-
   ZyxelUsg Flex 50w Version-
   ZyxelUsg Flex 700 Version-
ZyxelZld Version >= 4.16 <= 5.37
   ZyxelUsg 20w-vpn Version-
   ZyxelVpn50w Version-
ZyxelZld Version >= 4.30 <= 5.37
   ZyxelVpn100 Version-
   ZyxelVpn1000 Version-
   ZyxelVpn300 Version-
   ZyxelVpn50 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.041
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@zyxel.com.tw 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.