CVE-2023-28767

Published Jul 17, 2023
Last updated a year ago
CVSS high 8.8
Overview

Description: The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
Source: security@zyxel.com.tw
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
Weaknesses

nvd@nist.gov: CWE-78
security@zyxel.com.tw: CWE-78
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "369543A8-1D92-42AF-896D-30A38E02D8E5",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3844EDBE-1FDA-48E0-9535-D81657E1820A",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61B89E2F-9A44-4A02-9279-158CDAA787D5",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6081F154-4A1E-4630-99BB-846B68F5B818",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "428D392F-2427-4510-9185-AD9C1FC839A1",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614F4C95-8835-4A0A-B965-51FBD0289DE5",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD16BDCE-428C-40B2-BE9E-593ED4C59819",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F253FB99-B7E9-4809-9E3A-F9964B6B3BD8",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6362D1C8-DD85-45E6-B6F0-BB9882FA0F19",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6762B13C-6FD5-49D7-B2D6-4986BAC3D425"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCC7F9D7-2688-4848-9B3F-60C35E66423E",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D3F001A-8790-463F-804B-CA5CAC610867"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E19C1F04-1F67-4502-B6E2-B7DA771E1ACA",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D49F68-BCE2-432F-AC2B-1975F7BDBCE7",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D902D9D2-5215-4A70-9D16-F1C3BA10EE18"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C380259A-B524-41EC-A733-805F617BA3E1",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1B81DDA-DDD5-4D9B-B631-815186E3839F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF3F62F3-0681-4150-8F89-B44708DE75ED",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "212C5E8E-774A-446E-B7C7-80C349160BC2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11E3C89D-EEEC-449F-9783-91E0AE286223",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FD872CA4-385D-49A9-B1DF-7C4467BD49AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39637E53-C502-4377-BC9E-71E0962F7D6F",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BD13DCF-7B56-423B-BA54-E2CC2288E12E",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDDD5813-1215-4047-8AA6-A286571A0475",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7F65954-FF1A-46A4-A003-FF8B9666880A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8B5F6AE-537A-4FFB-92AB-28AE2E1741FB",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D73608C-EB5F-44B6-BB11-6F7E4742E71E",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51FA0FC-7803-4ECB-BFFB-839E585CD9CA",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D50CC94B-4EAA-44A7-AEF1-415491572FB1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCC033D4-363E-4A00-AD9E-1D94D5060CB7",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "5.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
