7.2
CVE-2023-6398
- EPSS 0.73%
- Published 20.02.2024 02:15:49
- Last modified 21.01.2025 18:36:54
- Source security@zyxel.com.tw
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
Data is provided by the National Vulnerability Database (NVD)
Zyxel ≫ Atp100 Firmware Version >= 4.32 < 5.37
Zyxel ≫ Atp100 Firmware Version 5.37 Update -
Zyxel ≫ Atp100 Firmware Version 5.37 Update patch1
Zyxel ≫ Atp100w Firmware Version >= 4.32 < 5.37
Zyxel ≫ Atp100w Firmware Version 5.37 Update -
Zyxel ≫ Atp100w Firmware Version 5.37 Update patch1
Zyxel ≫ Atp200 Firmware Version >= 4.32 < 5.37
Zyxel ≫ Atp200 Firmware Version 5.37 Update -
Zyxel ≫ Atp200 Firmware Version 5.37 Update patch1
Zyxel ≫ Atp500 Firmware Version >= 4.32 < 5.37
Zyxel ≫ Atp500 Firmware Version 5.37 Update -
Zyxel ≫ Atp500 Firmware Version 5.37 Update patch1
Zyxel ≫ Atp700 Firmware Version >= 4.32 < 5.37
Zyxel ≫ Atp700 Firmware Version 5.37 Update -
Zyxel ≫ Atp700 Firmware Version 5.37 Update patch1
Zyxel ≫ Atp800 Firmware Version >= 4.32 < 5.37
Zyxel ≫ Atp800 Firmware Version 5.37 Update -
Zyxel ≫ Atp800 Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 100 Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 100 Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 100 Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 100ax Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 100ax Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 100ax Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 100h Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 100h Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 100h Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 100w Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 100w Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 100w Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 200 Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 200 Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 200 Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 200h Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 200h Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 200h Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 200hp Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 200hp Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 200hp Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 50 Firmware Version >= 4.16 < 5.37
Zyxel ≫ Usg Flex 50 Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 50 Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 500 Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 500 Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 500 Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 500h Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 500h Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 500h Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 50w Firmware Version >= 4.16 < 5.37
Zyxel ≫ Usg Flex 50w Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 50w Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 700 Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 700 Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 700 Firmware Version 5.37 Update patch1
Zyxel ≫ Usg Flex 700h Firmware Version >= 4.50 < 5.37
Zyxel ≫ Usg Flex 700h Firmware Version 5.37 Update -
Zyxel ≫ Usg Flex 700h Firmware Version 5.37 Update patch1
Zyxel ≫ Usg20-vpn Firmware Version >= 4.16 < 5.37
Zyxel ≫ Usg20-vpn Firmware Version 5.37 Update -
Zyxel ≫ Usg20-vpn Firmware Version 5.37 Update patch1
Zyxel ≫ Usg20w-vpn Firmware Version >= 4.16 < 5.37
Zyxel ≫ Usg20w-vpn Firmware Version 5.37 Update -
Zyxel ≫ Usg20w-vpn Firmware Version 5.37 Update patch1
Zyxel ≫ Uos Version 1.10 Update -
Zyxel ≫ Usg Flex 100h Version -
Zyxel ≫ Usg Flex 100hp Version -
Zyxel ≫ Usg Flex 200h Version -
Zyxel ≫ Usg Flex 200hp Version -
Zyxel ≫ Usg Flex 500h Version -
Zyxel ≫ Usg Flex 700h Version -
Zyxel ≫ Uos Version 1.10 Update patch1
Zyxel ≫ Usg Flex 100h Version -
Zyxel ≫ Usg Flex 100hp Version -
Zyxel ≫ Usg Flex 200h Version -
Zyxel ≫ Usg Flex 200hp Version -
Zyxel ≫ Usg Flex 500h Version -
Zyxel ≫ Usg Flex 700h Version -
Zyxel ≫ Nwa50ax Firmware Version < 6.29(abyw.4)
Zyxel ≫ Nwa55axe Firmware Version < 6.29(abzl.4)
Zyxel ≫ Nwa90ax Firmware Version < 6.29(accv.4)
Zyxel ≫ Nwa110ax Firmware Version < 6.70(abtg.2)
Zyxel ≫ Nwa210ax Firmware Version < 6.70(abtd.2)
Zyxel ≫ Nwa220ax-6e Firmware Version < 6.70(acco.1)
Zyxel ≫ Nwa1123acv3 Firmware Version < 6.70(abvt.1)
Zyxel ≫ Wac500 Firmware Version < 6.70(abvs.1)
Zyxel ≫ Wac500h Firmware Version < 6.70(abwa.1)
Zyxel ≫ Wax300h Firmware Version < 6.70(achf.1)
Zyxel ≫ Wax510d Firmware Version < 6.70(abtf.2)
Zyxel ≫ Wax610d Firmware Version < 6.70(abte.2)
Zyxel ≫ Wax620d-6e Firmware Version < 6.70(accn.1)
Zyxel ≫ Wax630s Firmware Version < 6.70(abzd.2)
Zyxel ≫ Wax640s-6e Firmware Version < 6.70(accm.1)
Zyxel ≫ Wax650s Firmware Version < 6.70(abrm.2)
Zyxel ≫ Wax655e Firmware Version < 6.70(acdo.1)
Zyxel ≫ Wbe660s Firmware Version < 6.70(acgg.2)
Zyxel ≫ Nwa50ax-pro Firmware Version < 6.80(acge.0)
Zyxel ≫ Nwa90ax-pro Firmware Version < 6.80(acgf.0)
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.73% | 0.717 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
security@zyxel.com.tw | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.