CVE-2023-37925

Severity: 5.5 MEDIUM
EPSS: 0.1% (top 78.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 28

Description

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (29 packages)

CVEListV5: zyxel/usg_flex_series_firmware, versions 4.50 through 5.37
CVEListV5: zyxel/usg_flex_50(w)_series_firmware, versions 4.16 through 5.37
CVEListV5: zyxel/usg20(w)-vpn_series_firmware, versions 4.16 through 5.37
CVEListV5: zyxel/atp_series_firmware, versions 4.32 through 5.37
CVEListV5: zyxel/vpn_series_firmware, versions 4.30 through 5.37

Vulnerability Details (2 references)

CVEList: CVE-2023-37925 (2023-11-28)
GHSA: GHSA-w6g6-83gc-85hx (2023-11-28)
Source: CVE-2023-37925 (MEDIUM, CVSS 5.5) | cvebase.io