← Back

CVE-2023-5797

nvd nist
Published: Nov 28, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: security@zyxel.com.tw (Secondary)

Description

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.

Affected (23)

Zyxel
20 products
Zld
Nwa110ax Firmware
Nwa1123acv3 Firmware
Nwa210ax Firmware
Nwa220ax 6e Firmware
Nwa50ax Firmware
Nwa50ax Pro Firmware
Nwa55axe Firmware
Nwa90ax Firmware
Nwa90ax Pro Firmware
Wac500 Firmware
Wac500h Firmware
Wax510d Firmware
Wax610d Firmware
Wax620d 6e Firmware
Wax630s Firmware
Wax640s 6e Firmware
Wax650s Firmware
Wax655e Firmware
Wbe660s Firmware
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Zld
From 4.32 to 5.37
Running on/withPlatform Versions
Zyxel
Atp100
All versions
Zyxel
Atp100w
All versions
Zyxel
Atp200
All versions
Zyxel
Atp500
All versions
Zyxel
Atp700
All versions
Zyxel
Atp800
All versions
Configuration B
1 vulnerable · 7 platform
Vulnerable SoftwareAffected Versions
Zld
From 4.50 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 100
All versions
Zyxel
Usg Flex 100w
All versions
Zyxel
Usg Flex 200
All versions
Zyxel
Usg Flex 50
All versions
Zyxel
Usg Flex 500
All versions
Zyxel
Usg Flex 50w
All versions
Zyxel
Usg Flex 700
All versions
Configuration C
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Zld
From 4.16 to 5.37
Running on/withPlatform Versions
Zyxel
Usg 20w Vpn
All versions
Zyxel
Vpn50w
All versions
Configuration D
1 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Zld
From 4.30 to 5.37
Running on/withPlatform Versions
Zyxel
Vpn100
All versions
Zyxel
Vpn1000
All versions
Zyxel
Vpn300
All versions
Zyxel
Vpn50
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa110ax Firmware
Before 6.70\(abtg.0\)
Running on/withPlatform Versions
Zyxel
Nwa110ax
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa1123acv3 Firmware
Before 6.70\(abvt.0\)
Running on/withPlatform Versions
Zyxel
Nwa1123acv3
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa210ax Firmware
Before 6.70\(abtd.0\)
Running on/withPlatform Versions
Zyxel
Nwa210ax
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa220ax 6e Firmware
Before 6.70\(acco.0\)
Running on/withPlatform Versions
Zyxel
Nwa220ax 6e
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa50ax Firmware
Before 6.80\(abyw.0\)
Running on/withPlatform Versions
Zyxel
Nwa50ax
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa50ax Pro Firmware
Before 6.80\(acge.0\)
Running on/withPlatform Versions
Zyxel
Nwa50ax Pro
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa55axe Firmware
Before 6.80\(abzl.0\)
Running on/withPlatform Versions
Zyxel
Nwa55axe
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa90ax Firmware
Before 6.80\(accv.0\)
Running on/withPlatform Versions
Zyxel
Nwa90ax
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nwa90ax Pro Firmware
Before 6.80\(acgf.0\)
Running on/withPlatform Versions
Zyxel
Nwa90ax Pro
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wac500 Firmware
Before 6.70\(abvs.0\)
Running on/withPlatform Versions
Zyxel
Wac500
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wac500h Firmware
Before 6.70\(abwa.0\)
Running on/withPlatform Versions
Zyxel
Wac500h
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax510d Firmware
Before 6.70\(abtf.0\)
Running on/withPlatform Versions
Zyxel
Wax510d
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax610d Firmware
Before 6.70\(abte.0\)
Running on/withPlatform Versions
Zyxel
Wax610d
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax620d 6e Firmware
Before 6.70\(accn.0\)
Running on/withPlatform Versions
Zyxel
Wax620d 6e
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax630s Firmware
Before 6.70\(abzd.0\)
Running on/withPlatform Versions
Zyxel
Wax630s
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax640s 6e Firmware
Before 6.70\(accm.0\)
Running on/withPlatform Versions
Zyxel
Wax640s 6e
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax650s Firmware
Before 6.70\(abrm.0\)
Running on/withPlatform Versions
Zyxel
Wax650s
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wax655e Firmware
Before 6.70\(acdo.0\)
Running on/withPlatform Versions
Zyxel
Wax655e
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wbe660s Firmware
Before 6.70\(acgg.0\)
Running on/withPlatform Versions
Zyxel
Wbe660s
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.