CVE-2023-6398

Summary

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,

USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,

NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.

Affected Software

VendorProductVersion RangeStatus
ZyxelATP series firmwareversion 4.32 through 5.37 Patch 1affected
ZyxelUSG FLEX series firmwareversion 4.50 through 5.37 Patch 1affected
ZyxelUSG FLEX 50(W) series firmwareversion 4.16 through 5.37 Patch 1affected
ZyxelUSG20(W)-VPN series firmwareversion 4.16 through 5.37 Patch 1affected
ZyxelNWA50AX firmware< 6.29(ABYW.4)affected
ZyxelWAC500 firmware< 6.70(ABVS.1)affected
ZyxelWAX300H firmware< 6.70(ACHF.1)affected
ZyxelWBE660S firmware< 6.70(ACGG.1)affected
ZyxelUSG FLEX H series firmwareversion 1.10 through 1.10 Patch 1affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References