{ "id": "CVE-2023-28771", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-04-25T02:15:08.743", "lastModified": "2023-05-04T18:46:01.730", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "security@zyxel.com.tw", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-78" } ] }, { "source": "security@zyxel.com.tw", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-78" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "558978AD-8153-4C1F-A6DE-CCFBF69F754D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.35", "matchCriteriaId": "B150462B-6A4A-4B8C-800D-A83E24C79819" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "A32A52F5-5406-4A44-A5C1-42FCDC8C6B22" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "320FC232-D76C-4D8A-8003-7C9A7A287A4C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "2360F0CC-6958-47B6-87A9-B03D52DEBAF8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "6C4EE067-E0F0-49B7-8698-8B1AD8E346F0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "D96CB09A-9AB3-4360-ACFC-A917E7EEC460" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "F0226DAD-492B-493D-B15E-90AA593BAAAB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "030F29C9-5435-4EA5-B009-895BB2259C19" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "3CF08551-BA8E-47BC-985D-D5ED76A46793" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "62ACD903-AC40-451C-B2AB-6F843B3C8897" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "BE7B066A-5AF0-42AF-A341-A91802F588F1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "04A828C5-B71C-43EE-8132-C14C58A52360" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "42F4D9F3-BCBF-4990-B270-3592D69FCC22" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "E136FA9E-48A2-428C-9F0A-CD9DB7F91581" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "5DCFD02F-5884-4A96-957D-4CEEDB3826BE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "5.36", "matchCriteriaId": "9C6AFD50-926C-4579-A951-4EFDCBA512F0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:zywall_usg_310_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "4.73", "matchCriteriaId": "D84D915E-8075-4DFC-8C83-D7E6A65D7AFC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:zywall_usg_310_firmware:4.73:-:*:*:*:*:*:*", "matchCriteriaId": "34699536-4CA4-4F87-8E69-A16F2C88A1E8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:zywall_usg_310:-:*:*:*:*:*:*:*", "matchCriteriaId": "A983A8D5-1B1E-4DE5-93FE-DED5B2DDCB83" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:zywall_usg_100_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.60", "versionEndExcluding": "4.73", "matchCriteriaId": "81F20DFB-ED71-4D6F-9B15-4F86341550A9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:zyxel:zywall_usg_100_firmware:4.73:-:*:*:*:*:*:*", "matchCriteriaId": "5D5DCBFB-AB12-4525-ADD4-F85059E59177" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:zyxel:zywall_usg_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB902356-D134-434B-8BAF-2CB366F32050" } ] } ] } ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls", "source": "security@zyxel.com.tw", "tags": [ "Vendor Advisory" ] } ] }