CVE-2023-5650

Published: Nov 28, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.

Affected (4)

Products: Zyxel: Zld

Zyxel

1 product

Zld

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.32 to 5.37

Running on/with	Platform Versions
Zyxel Atp100	All versions
Zyxel Atp100w	All versions
Zyxel Atp200	All versions
Zyxel Atp500	All versions
Zyxel Atp700	All versions
Zyxel Atp800	All versions

Configuration B

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.50 to 5.37

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions
Zyxel Usg Flex 100w	All versions
Zyxel Usg Flex 200	All versions
Zyxel Usg Flex 50	All versions
Zyxel Usg Flex 500	All versions
Zyxel Usg Flex 50w	All versions
Zyxel Usg Flex 700	All versions

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.16 to 5.37

Running on/with	Platform Versions
Zyxel Usg 20w Vpn	All versions
Zyxel Vpn50w	All versions

Configuration D

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.30 to 5.37

Running on/with	Platform Versions
Zyxel Vpn100	All versions
Zyxel Vpn1000	All versions
Zyxel Vpn300	All versions
Zyxel Vpn50	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.