CVE-2023-35136

Published: Nov 28, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Affected (4)

Products: Zyxel: Zld

Zyxel

1 product

Zld

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.32 to 5.37

Running on/with	Platform Versions
Zyxel Atp100	All versions
Zyxel Atp100w	All versions
Zyxel Atp200	All versions
Zyxel Atp500	All versions
Zyxel Atp700	All versions
Zyxel Atp800	All versions

Configuration B

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.50 to 5.37

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions
Zyxel Usg Flex 100w	All versions
Zyxel Usg Flex 200	All versions
Zyxel Usg Flex 50	All versions
Zyxel Usg Flex 500	All versions
Zyxel Usg Flex 50w	All versions
Zyxel Usg Flex 700	All versions

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.16 to 5.37

Running on/with	Platform Versions
Zyxel Usg 20w Vpn	All versions
Zyxel Vpn50w	All versions

Configuration D

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.30 to 5.37

Running on/with	Platform Versions
Zyxel Vpn100	All versions
Zyxel Vpn1000	All versions
Zyxel Vpn300	All versions
Zyxel Vpn50	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.