QID 731221

Date Published: 2024-03-01

QID 731221: Zyxel ATP and USG Multiple Security Vulnerabilities

Zyxel ATP and USG devices contain the following security vulnerabilities:

  • CVE-2023-6397: A null pointer dereference vulnerability could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the Anti-Malware feature enabled.
  • CVE-2023-6398: A post-authentication command injection vulnerability in the file upload binary functionality could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
  • CVE-2023-6764: A format string vulnerability in a function of the IPSec VPN feature in some firewall versions could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device's memory layout and configuration.

Affected Versions:
Zyxel ATP versions ZLD V4.32 to V5.37 Patch 1
Zyxel USG FLEX ZLD V4.50 to V5.37 Patch 1

QID Detection Logic:
This unauthenticated QID detects vulnerable Zyxel versions based on the self-reported information exposed via the zld_product_spec.js source file.

NOTE: Since we currently cannot detect the patch level of affected devices, this QID is potential.

Depending on the vulnerability being exploited, an unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code or cause a denial of service (DoS) condition on the targeted system.

  • CVSS V3 rated as Critical - 8.1 severity.
  • CVSS V2 rated as High - 6.8 severity.

Solution:
Customers are advised to upgrade to ZLD V5.37 Patch 2 or later versions to remediate these vulnerabilities. More information can be found in the Zyxel security advisory.

Software Advisories:
Advisory ID: Security Advisory
Link: www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-21-2024