CVE Vulnerability Details :
CVE-2023-22916
PUBLISHED
Assigner: Zyxel
Assigner Org ID: 96e50032-ad0d-4058-a115-4d2c13821f9f
Published At: 24 Apr, 2023 | 00:00
Updated At: 12 Feb, 2025 | 16:42
CVE Numbering Authority (CNA)

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35 fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device, if the attacker could trick an authorized administrator into switching the management mode to the cloud mode.

Affected Products
Vendor: Zyxel Networks Corporation (Zyxel)
  • ATP series firmware: affected versions 5.10 through 5.35
  • USG FLEX series firmware: affected versions 5.00 through 5.35
  • USG FLEX 50(W) firmware: affected versions 5.10 through 5.35
  • USG20(W)-VPN firmware: affected versions 5.10 through 5.35
  • VPN series firmware: affected versions 5.00 through 5.35
Problem Types
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation

Metrics
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
References
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps
Resource: N/A
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps
Resource: x_transferred
2. CISA ADP Vulnrichment
References
Details not found