Zyxel ATP Series Firmware vulnerabilities
48 known vulnerabilities affecting zyxel/atp_series_firmware.
Total CVEs: 48
CISA KEV: 5 (actively exploited)
Public exploits: 5
Exploited in wild: 5
Severity breakdown: CRITICAL 7, HIGH 23, MEDIUM 18
Vulnerabilities
Page 2 of 3
CVE-2023-37926 | MEDIUM | CVSS 5.5 | CWE-120 | versions 4.32 through 5.37 | 2023-11-28
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local at
cvelistv5, nvd
CVE-2023-5650 | MEDIUM | CVSS 5.5 | CWE-269 | versions 4.32 through 5.37 | 2023-11-28
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow
cvelistv5, nvd
CVE-2023-4397 | MEDIUM | CVSS 4.4 | CWE-120 | v5.37 | 2023-11-28
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI comm
cvelistv5, nvd
CVE-2023-34141 | HIGH | CVSS 8.0 | CWE-78 | v5.00 through 5.36 Patch 2 | 2023-07-17
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series fir
cvelistv5, nvd
CVE-2023-34138 | HIGH | CVSS 8.0 | CWE-78 | v4.60 through 5.36 Patch 2 | 2023-07-17
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware
cvelistv5, nvd
CVE-2023-33011 | HIGH | CVSS 8.8 | CWE-134 | v5.10 through 5.36 Patch 2 | 2023-07-17
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, c
cvelistv5, nvd
CVE-2023-28767 | HIGH | CVSS 8.8 | CWE-78 | v5.10 through 5.36 | 2023-07-17
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An una
cvelistv5, nvd
CVE-2023-33012 | HIGH | CVSS 8.8 | CWE-78 | v5.10 through 5.36 Patch 2 | 2023-07-17
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versio
cvelistv5, nvd
CVE-2023-34140 | MEDIUM | CVSS 6.5 | CWE-120 | v4.32 through 5.36 Patch 2 | 2023-07-17
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, N
cvelistv5, nvd
CVE-2023-33009 | CRITICAL | CVSS 9.8 | KEV | CWE-120 | v4.60 through 5.36 Patch 1 | 2023-05-24
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.
cvelistv5, nvd
CVE-2023-33010 | CRITICAL | CVSS 9.8 | KEV | CWE-120 | v4.32 through 5.36 Patch 1 | 2023-05-24
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.
cvelistv5, nvd
CVE-2023-28771 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-78 | v4.60 through 5.35 | 2023-04-25
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted
cvelistv5, nvd
CVE-2023-22917 | HIGH | CVSS 7.5 | CWE-120 | v5.10 through 5.32 | 2023-04-24
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remot
cvelistv5, nvd
CVE-2023-22916 | HIGH | CVSS 8.1 | CWE-20 | v5.10 through 5.35 | 2023-04-24
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthentic
cvelistv5, nvd
CVE-2023-27991 | HIGH | CVSS 8.8 | CWE-78 | v4.32 through 5.35 | 2023-04-24
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could all
cvelistv5, nvd
CVE-2023-22918 | MEDIUM | CVSS 6.5 | CWE-359 | v4.32 through 5.35 | 2023-04-24
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmwa
cvelistv5, nvd
CVE-2023-27990 | MEDIUM | CVSS 4.8 | CWE-79 | v4.32 through 5.35 | 2023-04-24
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker
cvelistv5, nvd
CVE-2022-38547 | HIGH | CVSS 7.2 | CWE-78 | v4.32 through 5.32 | 2023-02-07
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator pr
cvelistv5, nvd
CVE-2022-40603 | MEDIUM | CVSS 6.1 | CWE-79 | v4.32 through 5.31 | 2022-12-06
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL
cvelistv5, nvd
CVE-2022-30526 | HIGH | CVSS 7.8 | PoC | CWE-269 | v4.32 through 5.30 | 2022-07-19
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmw
cvelistv5, nvd