CVE-2023-27991

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*

History

13 Jun 2023, 13:18

Type Values Removed Values Added
CPE cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*

07 Jun 2023, 18:20

Type Values Removed Values Added
CPE cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*

03 May 2023, 15:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-78
References (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls - (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls - Vendor Advisory
CPE cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

24 Apr 2023, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-24 18:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-27991

Mitre link : CVE-2023-27991

CVE.ORG link : CVE-2023-27991


JSON object : View

Products Affected

zyxel

  • usg_flex_200_firmware
  • atp100w_firmware
  • atp800_firmware
  • usg20-vpn
  • vpn50
  • atp700
  • atp800
  • usg_20w-vpn_firmware
  • usg_flex_50w_firmware
  • usg_flex_200
  • atp200_firmware
  • vpn300
  • atp500
  • vpn100
  • vpn1000_firmware
  • atp100w
  • atp100
  • atp500_firmware
  • usg_flex_500_firmware
  • usg_flex_50
  • vpn100_firmware
  • usg_flex_100_firmware
  • vpn50_firmware
  • usg_flex_50w
  • atp200
  • usg_flex_500
  • usg_flex_100
  • usg_flex_700_firmware
  • usg_flex_100w_firmware
  • vpn1000
  • usg_20w-vpn
  • usg_flex_700
  • usg_flex_100w
  • atp100_firmware
  • atp700_firmware
  • vpn300_firmware
  • usg20-vpn_firmware
  • usg_flex_50_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')