CVE-2023-28767

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*

History

26 Jul 2023, 21:36

Type Values Removed Values Added
References (MISC) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers - (MISC) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers - Vendor Advisory
CWE CWE-78
CPE cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*

17 Jul 2023, 17:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-17 17:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-28767

Mitre link : CVE-2023-28767

CVE.ORG link : CVE-2023-28767


JSON object : View

Products Affected

zyxel

  • zywall_vpn_50_firmware
  • usg_flex_200_firmware
  • zywall_atp800_firmware
  • zywall_vpn_300
  • zywall_vpn50_firmware
  • zywall_atp100w_firmware
  • zywall_atp800
  • zywall_atp100
  • usg_20w-vpn_firmware
  • zywall_vpn100
  • zywall_atp700_firmware
  • usg_flex_50w_firmware
  • usg_flex_200
  • zywall_atp500
  • usg_2200-vpn
  • zywall_atp200_firmware
  • zywall_vpn_300_firmware
  • zywall_vpn_50
  • usg_2200-vpn_firmware
  • zywall_atp100w
  • usg_flex_500_firmware
  • usg_flex_50
  • zywall_atp200
  • zywall_vpn2s
  • usg_flex_100_firmware
  • usg_flex_50w
  • zywall_vpn_100
  • zywall_atp700
  • usg_flex_500
  • usg_flex_100
  • usg_flex_700_firmware
  • zywall_vpn100_firmware
  • zywall_vpn2s_firmware
  • usg_flex_100w_firmware
  • zywall_vpn50
  • zywall_atp100_firmware
  • usg_20w-vpn
  • zywall_vpn_100_firmware
  • usg_flex_700
  • usg_flex_100w
  • zywall_atp500_firmware
  • zywall_vpn300_firmware
  • zywall_vpn300
  • usg_flex_50_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')