CVE-2023-6764

Published: Feb 20, 2024Modified: Jan 21, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: security@zyxel.com.tw (Secondary)

Description

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.

Affected (63)

Products: Zyxel: Atp100 Firmware, Atp100w Firmware, Atp200 Firmware, Atp500 Firmware, Atp700 Firmware, Atp800 Firmware, Usg Flex 100 Firmware, Usg Flex 100ax Firmware, Usg Flex 100h Firmware, Usg Flex 100w Firmware, Usg Flex 200 Firmware, Usg Flex 200h Firmware, Usg Flex 200hp Firmware, Usg Flex 500 Firmware, Usg Flex 500h Firmware, Usg Flex 700 Firmware, Usg Flex 700h Firmware, Usg Flex 50 Firmware, Usg Flex 50w Firmware, Usg20 Vpn Firmware, Usg20w Vpn Firmware

21 products

Usg Flex 100 Firmware

Usg Flex 100ax Firmware

Usg Flex 100h Firmware

Usg Flex 100w Firmware

Usg Flex 200 Firmware

Usg Flex 200h Firmware

Usg Flex 200hp Firmware

Usg Flex 500 Firmware

Usg Flex 500h Firmware

Usg Flex 700 Firmware

Usg Flex 700h Firmware

Usg Flex 50 Firmware

Usg Flex 50w Firmware

Usg20 Vpn Firmware

Usg20w Vpn Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100 Firmware	From 4.32 to 5.37
Zyxel Atp100 Firmware	Version 5.37
Zyxel Atp100 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp100	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100w Firmware	From 4.32 to 5.37
Zyxel Atp100w Firmware	Version 5.37
Zyxel Atp100w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp100w	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp200 Firmware	From 4.32 to 5.37
Zyxel Atp200 Firmware	Version 5.37
Zyxel Atp200 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp200	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp500 Firmware	From 4.32 to 5.37
Zyxel Atp500 Firmware	Version 5.37
Zyxel Atp500 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp500	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp700 Firmware	From 4.32 to 5.37
Zyxel Atp700 Firmware	Version 5.37
Zyxel Atp700 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp700	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp800 Firmware	From 4.32 to 5.37
Zyxel Atp800 Firmware	Version 5.37
Zyxel Atp800 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp800	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100 Firmware	Version 5.37
Zyxel Usg Flex 100 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions

Configuration H

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100ax Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100ax Firmware	Version 5.37
Zyxel Usg Flex 100ax Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100ax	All versions

Configuration I

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100h Firmware	Version 5.37
Zyxel Usg Flex 100h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100h	All versions

Configuration J

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100w Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100w Firmware	Version 5.37
Zyxel Usg Flex 100w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100w	All versions

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200 Firmware	Version 5.37
Zyxel Usg Flex 200 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200	All versions

Configuration L

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200h Firmware	Version 5.37
Zyxel Usg Flex 200h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200h	All versions

Configuration M

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200hp Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200hp Firmware	Version 5.37
Zyxel Usg Flex 200hp Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200hp	All versions

Configuration N

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 500 Firmware	Version 5.37
Zyxel Usg Flex 500 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 500	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 500h Firmware	Version 5.37
Zyxel Usg Flex 500h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 500h	All versions

Configuration P

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 700 Firmware	Version 5.37
Zyxel Usg Flex 700 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 700	All versions

Configuration Q

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 700h Firmware	Version 5.37
Zyxel Usg Flex 700h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 700h	All versions

Configuration R

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 50 Firmware	From 4.16 to 5.37
Zyxel Usg Flex 50 Firmware	Version 5.37
Zyxel Usg Flex 50 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 50	All versions

Configuration S

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 50w Firmware	From 4.16 to 5.37
Zyxel Usg Flex 50w Firmware	Version 5.37
Zyxel Usg Flex 50w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 50w	All versions

Configuration T

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg20 Vpn Firmware	From 4.16 to 5.37
Zyxel Usg20 Vpn Firmware	Version 5.37
Zyxel Usg20 Vpn Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg20 Vpn	All versions

Configuration U

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg20w Vpn Firmware	From 4.16 to 5.37
Zyxel Usg20w Vpn Firmware	Version 5.37
Zyxel Usg20w Vpn Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg20w Vpn	All versions

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.