CVE-2023-6398

Published: Feb 20, 2024Modified: Jan 21, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: security@zyxel.com.tw (Secondary)

Description

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.

Affected (85)

Products: Zyxel: Atp100 Firmware, Atp100w Firmware, Atp200 Firmware, Atp500 Firmware, Atp700 Firmware, Atp800 Firmware, Usg Flex 100 Firmware, Usg Flex 100ax Firmware, Usg Flex 100h Firmware, Usg Flex 100w Firmware, Usg Flex 200 Firmware, Usg Flex 200h Firmware, Usg Flex 200hp Firmware, Usg Flex 50 Firmware, Usg Flex 500 Firmware, Usg Flex 500h Firmware, Usg Flex 50w Firmware, Usg Flex 700 Firmware, Usg Flex 700h Firmware, Usg20 Vpn Firmware, Usg20w Vpn Firmware, Uos, Nwa50ax Firmware, Nwa55axe Firmware, Nwa90ax Firmware, Nwa110ax Firmware, Nwa210ax Firmware, Nwa220ax 6e Firmware, Nwa1123acv3 Firmware, Wac500 Firmware, Wac500h Firmware, Wax300h Firmware, Wax510d Firmware, Wax610d Firmware, Wax620d 6e Firmware, Wax630s Firmware, Wax640s 6e Firmware, Wax650s Firmware, Wax655e Firmware, Wbe660s Firmware, Nwa50ax Pro Firmware, Nwa90ax Pro Firmware

42 products

Usg Flex 100 Firmware

Usg Flex 100ax Firmware

Usg Flex 100h Firmware

Usg Flex 100w Firmware

Usg Flex 200 Firmware

Usg Flex 200h Firmware

Usg Flex 200hp Firmware

Usg Flex 50 Firmware

Usg Flex 500 Firmware

Usg Flex 500h Firmware

Usg Flex 50w Firmware

Usg Flex 700 Firmware

Usg Flex 700h Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100 Firmware	From 4.32 to 5.37
Zyxel Atp100 Firmware	Version 5.37
Zyxel Atp100 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp100	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100w Firmware	From 4.32 to 5.37
Zyxel Atp100w Firmware	Version 5.37
Zyxel Atp100w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp100w	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp200 Firmware	From 4.32 to 5.37
Zyxel Atp200 Firmware	Version 5.37
Zyxel Atp200 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp200	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp500 Firmware	From 4.32 to 5.37
Zyxel Atp500 Firmware	Version 5.37
Zyxel Atp500 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp500	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp700 Firmware	From 4.32 to 5.37
Zyxel Atp700 Firmware	Version 5.37
Zyxel Atp700 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp700	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp800 Firmware	From 4.32 to 5.37
Zyxel Atp800 Firmware	Version 5.37
Zyxel Atp800 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp800	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100 Firmware	Version 5.37
Zyxel Usg Flex 100 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions

Configuration H

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100ax Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100ax Firmware	Version 5.37
Zyxel Usg Flex 100ax Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100ax	All versions

Configuration I

3 vulnerable

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100h Firmware	Version 5.37
Zyxel Usg Flex 100h Firmware	Version 5.37 patch1

Configuration J

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100w Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100w Firmware	Version 5.37
Zyxel Usg Flex 100w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100w	All versions

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200 Firmware	Version 5.37
Zyxel Usg Flex 200 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200	All versions

Configuration L

3 vulnerable

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200h Firmware	Version 5.37
Zyxel Usg Flex 200h Firmware	Version 5.37 patch1

Configuration M

3 vulnerable

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200hp Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200hp Firmware	Version 5.37
Zyxel Usg Flex 200hp Firmware	Version 5.37 patch1

Configuration N

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 50 Firmware	From 4.16 to 5.37
Zyxel Usg Flex 50 Firmware	Version 5.37
Zyxel Usg Flex 50 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 50	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 500 Firmware	Version 5.37
Zyxel Usg Flex 500 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 500	All versions

Configuration P

3 vulnerable

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 500h Firmware	Version 5.37
Zyxel Usg Flex 500h Firmware	Version 5.37 patch1

Configuration Q

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 50w Firmware	From 4.16 to 5.37
Zyxel Usg Flex 50w Firmware	Version 5.37
Zyxel Usg Flex 50w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 50w	All versions

Configuration R

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 700 Firmware	Version 5.37
Zyxel Usg Flex 700 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 700	All versions

Configuration S

3 vulnerable

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 700h Firmware	Version 5.37
Zyxel Usg Flex 700h Firmware	Version 5.37 patch1

Configuration T

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg20 Vpn Firmware	From 4.16 to 5.37
Zyxel Usg20 Vpn Firmware	Version 5.37
Zyxel Usg20 Vpn Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg20 Vpn	All versions

Configuration U

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg20w Vpn Firmware	From 4.16 to 5.37
Zyxel Usg20w Vpn Firmware	Version 5.37
Zyxel Usg20w Vpn Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg20w Vpn	All versions

Configuration V

2 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Zyxel Uos	Version 1.10
Zyxel Uos	Version 1.10 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100h	All versions
Zyxel Usg Flex 100hp	All versions
Zyxel Usg Flex 200h	All versions
Zyxel Usg Flex 200hp	All versions
Zyxel Usg Flex 500h	All versions
Zyxel Usg Flex 700h	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa50ax Firmware	Before 6.29\(abyw.4\)

Running on/with	Platform Versions
Zyxel Nwa50ax	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa55axe Firmware	Before 6.29\(abzl.4\)

Running on/with	Platform Versions
Zyxel Nwa55axe	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa90ax Firmware	Before 6.29\(accv.4\)

Running on/with	Platform Versions
Zyxel Nwa90ax	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa110ax Firmware	Before 6.70\(abtg.2\)

Running on/with	Platform Versions
Zyxel Nwa110ax	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa210ax Firmware	Before 6.70\(abtd.2\)

Running on/with	Platform Versions
Zyxel Nwa210ax	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa220ax 6e Firmware	Before 6.70\(acco.1\)

Running on/with	Platform Versions
Zyxel Nwa220ax 6e	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa1123acv3 Firmware	Before 6.70\(abvt.1\)

Running on/with	Platform Versions
Zyxel Nwa1123acv3	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wac500 Firmware	Before 6.70\(abvs.1\)

Running on/with	Platform Versions
Zyxel Wac500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wac500h Firmware	Before 6.70\(abwa.1\)

Running on/with	Platform Versions
Zyxel Wac500h	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax300h Firmware	Before 6.70\(achf.1\)

Running on/with	Platform Versions
Zyxel Wax300h	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax510d Firmware	Before 6.70\(abtf.2\)

Running on/with	Platform Versions
Zyxel Wax510d	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax610d Firmware	Before 6.70\(abte.2\)

Running on/with	Platform Versions
Zyxel Wax610d	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax620d 6e Firmware	Before 6.70\(accn.1\)

Running on/with	Platform Versions
Zyxel Wax620d 6e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax630s Firmware	Before 6.70\(abzd.2\)

Running on/with	Platform Versions
Zyxel Wax630s	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax640s 6e Firmware	Before 6.70\(accm.1\)

Running on/with	Platform Versions
Zyxel Wax640s 6e	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax650s Firmware	Before 6.70\(abrm.2\)

Running on/with	Platform Versions
Zyxel Wax650s	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax655e Firmware	Before 6.70\(acdo.1\)

Running on/with	Platform Versions
Zyxel Wax655e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wbe660s Firmware	Before 6.70\(acgg.2\)

Running on/with	Platform Versions
Zyxel Wbe660s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa50ax Pro Firmware	Before 6.80\(acge.0\)

Running on/with	Platform Versions
Zyxel Nwa50ax Pro	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa90ax Pro Firmware	Before 6.80\(acgf.0\)

Running on/with	Platform Versions
Zyxel Nwa90ax Pro	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.