cve-2023-6397
Vulnerability from cvelistv5
Published
2024-02-20 01:19
Modified
2024-08-02 08:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
References
security@zyxel.com.twhttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024Vendor Advisory
Impacted products
ZyxelATP series firmware
ZyxelUSG FLEX series firmware
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T16:53:30.036548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:11.624Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ATP series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.32  through 5.37 Patch 1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "USG FLEX series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.50 through 5.37 Patch 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the \u201cAnti-Malware\u201d feature enabled.\n\n\n\n"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\n\n\n\nA null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the \u201cAnti-Malware\u201d feature enabled.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-20T01:48:00.951Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2023-6397",
    "datePublished": "2024-02-20T01:19:27.475Z",
    "dateReserved": "2023-11-30T07:58:12.915Z",
    "dateUpdated": "2024-08-02T08:28:21.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6397\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2024-02-20T02:15:48.793\",\"lastModified\":\"2025-01-21T18:47:29.627\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nA null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the \u201cAnti-Malware\u201d feature enabled.\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desreferencia de puntero nulo en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 parche 1 y en las versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 parche 1 podr\u00eda permitir que un atacante basado en LAN provoque condiciones de denegaci\u00f3n de servicio (DoS) descargando un archivo comprimido RAR creado en un host del lado LAN si el firewall tiene habilitada la funci\u00f3n \u201cAnti-Malware\u201d.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.32\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"22B1CC86-551C-4CF1-9905-22D983C87B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"121E2131-A6CB-4714-BD0B-9CDBFF924F10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F7654A1-3806-41C7-82D4-46B0CD7EE53B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.32\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"9E4D7828-078E-4418-9F04-302FC7F8BB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F750721F-73AD-4BDD-A407-72D8DEB30C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"069E7437-BF71-4F73-8C0A-44DC9804492B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.32\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"67DC678C-8CA1-4289-A69B-435FE3374BCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20F854E-486D-46C0-90C8-81153573FEF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE71538C-16FD-43B1-B6CD-EB5988AFB7BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D68A36FF-8CAF-401C-9F18-94F3A2405CF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.32\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"B5C9B7E5-F548-4F9F-8CA7-20B7D41DF0AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E8933B8-F66E-4667-955E-DB5486534C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2818E8AC-FFEE-4DF9-BF3F-C75166C0E851\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.32\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"8E1974D6-04C1-4135-812D-6901712940EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3E890B-8BDE-4C22-BFF7-B87495C71C48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3037AE20-8F8B-4656-9534-6436A8AEA8C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B41F437-855B-4490-8011-DF59887BE6D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.32\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"21C4C98F-B383-4F2F-B84E-3C6DDD8437DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"67FA1CEC-DED7-46D4-A4FC-780431B3EE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFD1CE91-B72C-4589-9A5F-F1164C0193AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B99746-0589-46E6-9CBD-F38619AD97DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF266069-4FA5-4343-B62C-0940A0C61566\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E0ECA5-7FE6-4E56-A741-E3260C99A43A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B30A4C0-9928-46AD-9210-C25656FB43FB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"9CF216E5-870B-4C6E-9CFA-A5FB6F476CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"395E8D72-E9F6-4923-B4DE-875D195B27F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03036815-04AE-4E39-8310-DA19A32CFA48\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"C220BBFF-29A6-483B-9806-6A966625EFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"45EEA203-C4E3-4916-A9E5-15AB994B53FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A21576D3-6A3F-451C-9B62-E0B0418D5529\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED28D5ED-B21A-4CD6-947E-9C21EA801B7D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC61CF4F-74D5-4C96-8D8A-779436CF344D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"25EB6607-7241-4D01-BC87-3C3E62B27B6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74ABA7E-AA78-4A13-A64E-C44021591B42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"D6EF9AA9-65D5-4D7B-A2BF-9150C6339282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"31206A47-4A01-4FB7-A0AA-E9D22C63941D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F93B6A06-2951-46D2-A7E1-103D7318D612\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"69B29C9B-DB92-4DBD-9F83-1C9FABAC81B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDE985D-B016-4303-8EE6-904C79F8FE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D15ECD-4942-407A-A62E-9785568C6B78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"DCC129C3-AD72-44AE-B89D-5BF40559B9F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D764B87E-8B23-4C33-93BB-59B23CFEADBC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD7E9028-1ECB-4D88-84D8-CFC589B429AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"16DE9EA8-98AB-4EAA-AA98-122F64F8D4D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5476C178-E553-44FC-854B-5851F0F28469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D65155-CDF2-4A99-94CA-D4B61B26D32C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"646C1F07-B553-47B0-953B-DC7DE7FD0F8B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"B221F5CD-C0C6-4917-AC15-FF1BA3904915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CDA1267-E136-4932-9627-B4D12DB17E27\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92C697A5-D1D3-4FF0-9C43-D27B18181958\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"C8ACA5C0-F9AC-4986-95CF-74A92DEAF45E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D168F82-50CE-4E25-B1D9-B50F69463F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE57BCA4-8631-460A-BFE3-BB765E5D009F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"338384D8-1585-4AA7-90FB-E56F641E5A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8C2C47-FE8E-4496-9648-0B264A9A2EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB68246-FD4B-4FB6-9140-63725EA24660\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"110A1CA4-0170-4834-8281-0A3E14FC5584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"0FA43EB7-3F72-4250-BE9A-7449B8AEF90F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1FEDD30-0B80-4F07-8475-156B9FE46883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3953AFFC-18E6-46AA-BC99-EA65726E4D9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D1396E3-731B-4D05-A3F8-F3ABB80D5C29\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.50\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"D051AE62-28E7-4626-B5CB-F4B244260A0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5A45A9D-D9C7-495D-BD83-EE088746FD36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"606D09B9-0376-4277-9964-F0580D65C3E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8832743A-99FA-417E-BCE1-4BF7D4CEF9BE\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.