CVE-2023-37925

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps	Vendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:atp100:-:::::::*
	cpe:2.3:h:zyxel:atp100w:-:::::::*
	cpe:2.3:h:zyxel:atp200:-:::::::*
	cpe:2.3:h:zyxel:atp500:-:::::::*
	cpe:2.3:h:zyxel:atp700:-:::::::*
	cpe:2.3:h:zyxel:atp800:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_flex_100:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_200:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_500:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_700:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_20w-vpn:-:::::::*
	cpe:2.3:h:zyxel:vpn50w:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:vpn100:-:::::::*
	cpe:2.3:h:zyxel:vpn1000:-:::::::*
	cpe:2.3:h:zyxel:vpn300:-:::::::*
	cpe:2.3:h:zyxel:vpn50:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:12

Type	Values Removed	Values Added
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory

04 Dec 2023, 18:09

Type	Values Removed	Values Added
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps -~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory
CPE		cpe:2.3:h:zyxel:wax510d:-:::::::* cpe:2.3:o:zyxel:nwa50ax-pro_firmware:::::::: cpe:2.3:h:zyxel:nwa55axe:-:::::::* cpe:2.3:o:zyxel:wax630s_firmware:::::::: cpe:2.3:h:zyxel:wax650s:-:::::::* cpe:2.3:o:zyxel:nwa1123acv3_firmware:::::::: cpe:2.3:o:zyxel:wax655e_firmware:::::::: cpe:2.3:h:zyxel:atp100:-:::::::* cpe:2.3:o:zyxel:nwa210ax_firmware:::::::: cpe:2.3:h:zyxel:usg_flex_200:-:::::::* cpe:2.3:h:zyxel:nwa50ax-pro:-:::::::* cpe:2.3:h:zyxel:wax640s-6e:-:::::::* cpe:2.3:h:zyxel:usg_flex_100w:-:::::::* cpe:2.3:h:zyxel:usg_flex_700:-:::::::* cpe:2.3:h:zyxel:vpn50w:-:::::::* cpe:2.3:h:zyxel:wbe660s:-:::::::* cpe:2.3:h:zyxel:usg_flex_100:-:::::::* cpe:2.3:h:zyxel:atp700:-:::::::* cpe:2.3:h:zyxel:nwa210ax:-:::::::* cpe:2.3:h:zyxel:wax655e:-:::::::* cpe:2.3:h:zyxel:usg_flex_500:-:::::::* cpe:2.3:h:zyxel:vpn1000:-:::::::* cpe:2.3:o:zyxel:wax510d_firmware:::::::: cpe:2.3:o:zyxel:nwa55axe_firmware:::::::: cpe:2.3:h:zyxel:usg_flex_50:-:::::::* cpe:2.3:h:zyxel:usg_flex_50w:-:::::::* cpe:2.3:h:zyxel:nwa1123acv3:-:::::::* cpe:2.3:h:zyxel:vpn300:-:::::::* cpe:2.3:o:zyxel:nwa90ax_firmware:::::::: cpe:2.3:h:zyxel:wax610d:-:::::::* cpe:2.3:h:zyxel:atp500:-:::::::* cpe:2.3:h:zyxel:wac500h:-:::::::* cpe:2.3:o:zyxel:wbe660s_firmware:::::::: cpe:2.3:o:zyxel:wax650s_firmware:::::::: cpe:2.3:o:zyxel:nwa50ax_firmware:::::::: cpe:2.3:h:zyxel:nwa90ax:-:::::::* cpe:2.3:o:zyxel:wac500h_firmware:::::::: cpe:2.3:h:zyxel:usg_20w-vpn:-:::::::* cpe:2.3:o:zyxel:zld:::::::: cpe:2.3:o:zyxel:nwa90ax-pro_firmware:::::::: cpe:2.3:h:zyxel:wax620d-6e:-:::::::* cpe:2.3:o:zyxel:wac500_firmware:::::::: cpe:2.3:h:zyxel:atp100w:-:::::::* cpe:2.3:h:zyxel:nwa90ax-pro:-:::::::* cpe:2.3:h:zyxel:vpn50:-:::::::* cpe:2.3:h:zyxel:nwa220ax-6e:-:::::::* cpe:2.3:o:zyxel:wax620d-6e_firmware:::::::: cpe:2.3:h:zyxel:nwa110ax:-:::::::* cpe:2.3:o:zyxel:nwa220ax-6e_firmware:::::::: cpe:2.3:h:zyxel:atp200:-:::::::* cpe:2.3:o:zyxel:nwa110ax_firmware:::::::: cpe:2.3:h:zyxel:nwa50ax:-:::::::* cpe:2.3:h:zyxel:wac500:-:::::::* cpe:2.3:o:zyxel:wax610d_firmware:::::::: cpe:2.3:h:zyxel:vpn100:-:::::::* cpe:2.3:h:zyxel:wax630s:-:::::::* cpe:2.3:o:zyxel:wax640s-6e_firmware:::::::: cpe:2.3:h:zyxel:atp800:-:::::::*

28 Nov 2023, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-28 02:15

Updated : 2024-11-21 08:12

NVD link : CVE-2023-37925

Mitre link : CVE-2023-37925

CVE.ORG link : CVE-2023-37925

JSON object : View

Products Affected

zyxel

usg_flex_50
usg_flex_200
vpn50
wbe660s_firmware
nwa110ax
nwa1123acv3
nwa1123acv3_firmware
wac500
nwa210ax
wax620d-6e_firmware
wax630s
nwa220ax-6e_firmware
atp100
nwa90ax-pro_firmware
wax640s-6e
usg_flex_50w
vpn100
nwa50ax-pro
atp700
atp800
wax655e
wax510d_firmware
wax620d-6e
atp500
usg_20w-vpn
nwa90ax_firmware
wax640s-6e_firmware
wac500_firmware
wax610d
usg_flex_500
usg_flex_100w
nwa110ax_firmware
wbe660s
atp200
wac500h_firmware
usg_flex_100
nwa210ax_firmware
wax650s_firmware
vpn1000
nwa220ax-6e
usg_flex_700
nwa50ax
nwa90ax-pro
wax655e_firmware
wax610d_firmware
nwa50ax-pro_firmware
atp100w
nwa55axe_firmware
wac500h
wax510d
nwa55axe
zld
wax630s_firmware
wax650s
vpn300
vpn50w
nwa50ax_firmware
nwa90ax

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-37925", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-11-28T02:15:42.547", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}, {"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en el comando CLI de depuraci\u00f3n de las versiones de firmware: \nserie Zyxel ATP 4.32 a 5.37, \nserie USG FLEX 4.50 a 5.37, \nserie USG FLEX 50(W) 4.16 a 5.37, \nserie USG20(W)-VPN 4.16 a 5.37, \nserie VPN 4.30 a 5.37,\nNWA50AX 6.29 (ABYW.2), \nWAC500 6.65 (ABVS.1), \nWAX300H 6.60 (ACHF.1) y\nWBE660S 6.65 ( ACGG.1).\nPodr\u00eda permitir que un atacante local autenticado acceda a los archivos del sistema en un dispositivo afectado."}], "lastModified": "2024-11-21T08:12:29.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18", "versionEndIncluding": "5.37", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"}, {"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"}, {"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"}, {"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"}, {"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"}, {"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0", "versionEndIncluding": "5.37", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD", "versionEndIncluding": "5.37", "versionStartIncluding": "4.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"}, {"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625", "versionEndIncluding": "5.37", "versionStartIncluding": "4.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"}, {"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"}, {"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"}, {"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF", "versionEndExcluding": "6.70\\(abtg.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC", "versionEndExcluding": "6.70\\(abvt.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427", "versionEndExcluding": "6.70\\(abtd.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B", "versionEndExcluding": "6.70\\(acco.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B", "versionEndExcluding": "6.80\\(abyw.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9", "versionEndExcluding": "6.80\\(acge.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7", "versionEndExcluding": "6.80\\(abzl.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7", "versionEndExcluding": "6.80\\(accv.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477", "versionEndExcluding": "6.80\\(acgf.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1", "versionEndExcluding": "6.70\\(abvs.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335", "versionEndExcluding": "6.70\\(abwa.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82", "versionEndExcluding": "6.70\\(abtf.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64", "versionEndExcluding": "6.70\\(abte.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7", "versionEndExcluding": "6.70\\(accn.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814", "versionEndExcluding": "6.70\\(abzd.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2", "versionEndExcluding": "6.70\\(accm.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22", "versionEndExcluding": "6.70\\(abrm.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4", "versionEndExcluding": "6.70\\(acdo.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932", "versionEndExcluding": "6.70\\(acgg.0\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

JSON object

Attach tags to CVE-2023-37925

5.5^/10

Attach tags to `CVE-2023-37925`