TROYANOSYVIRUS
Volver a CVEs

CVE-2023-37925

MEDIUM
5.5

Descripcion

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.

Detalles CVE

Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado11/28/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

zyxel:atp100zyxel:atp100wzyxel:atp200zyxel:atp500zyxel:atp700zyxel:atp800zyxel:nwa110axzyxel:nwa110ax_firmwarezyxel:nwa1123acv3zyxel:nwa1123acv3_firmwarezyxel:nwa210axzyxel:nwa210ax_firmwarezyxel:nwa220ax-6ezyxel:nwa220ax-6e_firmwarezyxel:nwa50axzyxel:nwa50ax-prozyxel:nwa50ax-pro_firmwarezyxel:nwa50ax_firmwarezyxel:nwa55axezyxel:nwa55axe_firmwarezyxel:nwa90axzyxel:nwa90ax-prozyxel:nwa90ax-pro_firmwarezyxel:nwa90ax_firmwarezyxel:usg_20w-vpnzyxel:usg_flex_100zyxel:usg_flex_100wzyxel:usg_flex_200zyxel:usg_flex_50zyxel:usg_flex_500zyxel:usg_flex_50wzyxel:usg_flex_700zyxel:vpn100zyxel:vpn1000zyxel:vpn300zyxel:vpn50zyxel:vpn50wzyxel:wac500zyxel:wac500_firmwarezyxel:wac500hzyxel:wac500h_firmwarezyxel:wax510dzyxel:wax510d_firmwarezyxel:wax610dzyxel:wax610d_firmwarezyxel:wax620d-6ezyxel:wax620d-6e_firmwarezyxel:wax630szyxel:wax630s_firmwarezyxel:wax640s-6ezyxel:wax640s-6e_firmwarezyxel:wax650szyxel:wax650s_firmwarezyxel:wax655ezyxel:wax655e_firmwarezyxel:wbe660szyxel:wbe660s_firmwarezyxel:zld

Debilidades (CWE)

CWE-269

Referencias

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps(security@zyxel.com.tw)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.