CVE-2023-28767
Summary
| CVE | CVE-2023-28767 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-17 17:15:00 UTC |
| Updated | 2023-07-26 21:36:00 UTC |
| Description | The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zyxel | Usg 20w-vpn | - | All | All | All |
| Operating System | Zyxel | Usg 20w-vpn Firmware | All | All | All | All |
| Hardware | Zyxel | Usg 2200-vpn | - | All | All | All |
| Operating System | Zyxel | Usg 2200-vpn Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 100 | - | All | All | All |
| Hardware | Zyxel | Usg Flex 100w | - | All | All | All |
| Operating System | Zyxel | Usg Flex 100w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg Flex 100 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 200 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 200 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 50 | - | All | All | All |
| Hardware | Zyxel | Usg Flex 500 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 500 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 50w | - | All | All | All |
| Operating System | Zyxel | Usg Flex 50w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg Flex 50 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 700 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 700 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp100 | - | All | All | All |
| Hardware | Zyxel | Zywall Atp100w | - | All | All | All |
| Operating System | Zyxel | Zywall Atp100w Firmware | All | All | All | All |
| Operating System | Zyxel | Zywall Atp100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp200 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp200 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp500 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp500 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp700 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp700 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Atp800 | - | All | All | All |
| Operating System | Zyxel | Zywall Atp800 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn100 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn2s | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn2s Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn300 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn300 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn50 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn50 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn 100 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn 100 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn 300 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn 300 Firmware | All | All | All | All |
| Hardware | Zyxel | Zywall Vpn 50 | - | All | All | All |
| Operating System | Zyxel | Zywall Vpn 50 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Access denied | Zyxel Networks | MISC | www.zyxel.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.