Refine your search
12 vulnerabilities found for USG FLEX series firmware by Zyxel
CVE-2025-9133 (GCVE-0-2025-9133)
Vulnerability from nvd
Published
2025-10-21 01:57
Modified
2025-10-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: versions from V4.32 through V5.40 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:27.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.32 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.50 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker\u2014who has completed only the first stage of the two-factor authentication (2FA) process\u2014to view and download the system configuration from an affected device."
}
],
"value": "A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker\u2014who has completed only the first stage of the two-factor authentication (2FA) process\u2014to view and download the system configuration from an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T01:57:20.265Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2025-9133",
"datePublished": "2025-10-21T01:57:20.265Z",
"dateReserved": "2025-08-19T01:09:14.783Z",
"dateUpdated": "2025-10-22T03:55:27.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8078 (GCVE-0-2025-8078)
Vulnerability from nvd
Published
2025-10-21 01:49
Modified
2025-10-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: versions from V4.32 through V5.40 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:11.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.32 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version from V4.50 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command."
}
],
"value": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T01:49:29.266Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2025-8078",
"datePublished": "2025-10-21T01:49:29.266Z",
"dateReserved": "2025-07-23T09:10:08.765Z",
"dateUpdated": "2025-10-22T03:55:11.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11667 (GCVE-0-2024-11667)
Vulnerability from nvd
Published
2024-11-27 09:39
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: versions V5.00 through V5.38 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_60ax_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.38",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp800_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atp_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.38",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg20-vpn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg20-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.38",
"status": "affected",
"version": "5.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_50w_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "5.38",
"status": "affected",
"version": "5.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11667",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T04:55:26.617036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-12-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:34.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-03T00:00:00+00:00",
"value": "CVE-2024-11667 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.00 through V5.38"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.00 through V5.38"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.10 through V5.38"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.10 through V5.38"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u0026nbsp;versions V5.00 through V5.38,\u0026nbsp;USG FLEX 50(W) series firmware\u0026nbsp;versions V5.10 through V5.38, and\u0026nbsp;USG20(W)-VPN series firmware\u0026nbsp;versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."
}
],
"value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u00a0versions V5.00 through V5.38,\u00a0USG FLEX 50(W) series firmware\u00a0versions V5.10 through V5.38, and\u00a0USG20(W)-VPN series firmware\u00a0versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T02:11:49.265Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-11667",
"datePublished": "2024-11-27T09:39:41.691Z",
"dateReserved": "2024-11-25T07:15:56.063Z",
"dateUpdated": "2025-10-21T22:55:34.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33010 (GCVE-0-2023-33010)
Vulnerability from nvd
Published
2023-05-24 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: 4.32 through 5.36 Patch 1 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33010",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:00:52.460065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33010 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.36 Patch 1"
}
]
},
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33010",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33009 (GCVE-0-2023-33009)
Vulnerability from nvd
Published
2023-05-24 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: 4.60 through 5.36 Patch 1 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33009",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:14:56.233928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33009 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T06:17:00.675Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33009",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28771 (GCVE-0-2023-28771)
Vulnerability from nvd
Published
2023-04-25 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ZyWALL/USG series firmware |
Version: 4.60 through 4.73 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28771",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-18T05:00:32.985076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-31",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28771"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28771"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-31T00:00:00+00:00",
"value": "CVE-2023-28771 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 4.73"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.35"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.35"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls"
},
{
"url": "http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-28771",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9133 (GCVE-0-2025-9133)
Vulnerability from cvelistv5
Published
2025-10-21 01:57
Modified
2025-10-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: versions from V4.32 through V5.40 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:27.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.32 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.50 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker\u2014who has completed only the first stage of the two-factor authentication (2FA) process\u2014to view and download the system configuration from an affected device."
}
],
"value": "A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker\u2014who has completed only the first stage of the two-factor authentication (2FA) process\u2014to view and download the system configuration from an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T01:57:20.265Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2025-9133",
"datePublished": "2025-10-21T01:57:20.265Z",
"dateReserved": "2025-08-19T01:09:14.783Z",
"dateUpdated": "2025-10-22T03:55:27.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8078 (GCVE-0-2025-8078)
Vulnerability from cvelistv5
Published
2025-10-21 01:49
Modified
2025-10-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: versions from V4.32 through V5.40 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:11.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.32 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "version from V4.50 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions from V4.16 through V5.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command."
}
],
"value": "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T01:49:29.266Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-missing-authorization-vulnerabilities-in-zld-firewalls-10-21-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2025-8078",
"datePublished": "2025-10-21T01:49:29.266Z",
"dateReserved": "2025-07-23T09:10:08.765Z",
"dateUpdated": "2025-10-22T03:55:11.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11667 (GCVE-0-2024-11667)
Vulnerability from cvelistv5
Published
2024-11-27 09:39
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: versions V5.00 through V5.38 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_60ax_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.38",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp800_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atp_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.38",
"status": "affected",
"version": "5.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg20-vpn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg20-vpn_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.38",
"status": "affected",
"version": "5.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usg_flex_50w_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "5.38",
"status": "affected",
"version": "5.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11667",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T04:55:26.617036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-12-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:34.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11667"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-03T00:00:00+00:00",
"value": "CVE-2024-11667 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.00 through V5.38"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.00 through V5.38"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.10 through V5.38"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "versions V5.10 through V5.38"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u0026nbsp;versions V5.00 through V5.38,\u0026nbsp;USG FLEX 50(W) series firmware\u0026nbsp;versions V5.10 through V5.38, and\u0026nbsp;USG20(W)-VPN series firmware\u0026nbsp;versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."
}
],
"value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u00a0versions V5.00 through V5.38,\u00a0USG FLEX 50(W) series firmware\u00a0versions V5.10 through V5.38, and\u00a0USG20(W)-VPN series firmware\u00a0versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T02:11:49.265Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-11667",
"datePublished": "2024-11-27T09:39:41.691Z",
"dateReserved": "2024-11-25T07:15:56.063Z",
"dateUpdated": "2025-10-21T22:55:34.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33009 (GCVE-0-2023-33009)
Vulnerability from cvelistv5
Published
2023-05-24 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: 4.60 through 5.36 Patch 1 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33009",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:14:56.233928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33009 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.36 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T06:17:00.675Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33009",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33010 (GCVE-0-2023-33010)
Vulnerability from cvelistv5
Published
2023-05-24 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ATP series firmware |
Version: 4.32 through 5.36 Patch 1 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33010",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:00:52.460065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:47.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00+00:00",
"value": "CVE-2023-33010 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.32 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.50 through 5.36 Patch 1"
}
]
},
{
"product": "USG FLEX 50(W) firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "USG20(W)-VPN firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 5.36 Patch 1"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.30 through 5.36 Patch 1"
}
]
},
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.25 through 4.73 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-33010",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:47.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28771 (GCVE-0-2023-28771)
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zyxel | ZyWALL/USG series firmware |
Version: 4.60 through 4.73 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28771",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-18T05:00:32.985076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-31",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28771"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28771"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-31T00:00:00+00:00",
"value": "CVE-2023-28771 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZyWALL/USG series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 4.73"
}
]
},
{
"product": "VPN series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.35"
}
]
},
{
"product": "USG FLEX series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.35"
}
]
},
{
"product": "ATP series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.60 through 5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls"
},
{
"url": "http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-28771",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}