Sign-up

ID

VAR-202304-1913


CVE

CVE-2023-22916


TITLE

plural  ZyXEL  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324

DESCRIPTION

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. usg flex 100 firmware, usg flex 100w firmware, USG FLEX 200 firmware etc. ZyXEL There are unspecified vulnerabilities in the product.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-22916 // JVNDB: JVNDB-2023-009324 // VULMON: CVE-2023-22916

AFFECTED PRODUCTS

vendor:zyxelmodel:usg flex 100wscope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:vpn100scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp200scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp700scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp100scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp500scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:vpn50scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:vpn300scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp100wscope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp800scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg 20-vpnscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn300scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp800scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn1000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-22916
value: HIGH

Trust: 1.8

security@zyxel.com.tw: CVE-2023-22916
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202304-1908
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: CVE-2023-22916
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916 // NVD: CVE-2023-22916 // CNNVD: CNNVD-202304-1908

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-1908

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-1908

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-22916

PATCH
title:Zyxel ATP Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236008
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202304-1908

EXTERNAL IDS
db:NVDid:CVE-2023-22916
Trust: 3.3
db:JVNDBid:JVNDB-2023-009324
Trust: 0.8
db:CNNVDid:CNNVD-202304-1908
Trust: 0.6
db:VULMONid:CVE-2023-22916
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-22916 // 
            
            
            
            JVNDB: JVNDB-2023-009324 // 
            
            
            
            NVD: CVE-2023-22916 // 
            
            
            
            CNNVD: CNNVD-202304-1908

REFERENCES
url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-22916
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-22916/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-22916 // 
            
            
            
            JVNDB: JVNDB-2023-009324 // 
            
            
            
            NVD: CVE-2023-22916 // 
            
            
            
            CNNVD: CNNVD-202304-1908

SOURCES
db:VULMONid:CVE-2023-22916
db:JVNDBid:JVNDB-2023-009324
db:NVDid:CVE-2023-22916
db:CNNVDid:CNNVD-202304-1908

LAST UPDATE DATE
2023-12-18T12:14:48.086000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-22916date:2023-04-24T00:00:00
db:JVNDBid:JVNDB-2023-009324date:2023-12-05T05:26:00
db:NVDid:CVE-2023-22916date:2023-05-04T19:35:46.887
db:CNNVDid:CNNVD-202304-1908date:2023-05-06T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-22916date:2023-04-24T00:00:00
db:JVNDBid:JVNDB-2023-009324date:2023-12-05T00:00:00
db:NVDid:CVE-2023-22916date:2023-04-24T17:15:09.767
db:CNNVDid:CNNVD-202304-1908date:2023-04-24T00:00:00