A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.
2023-04-24T17:15:09.550
2024-11-21T07:45:38.187
Modified
CVSSv3.1: 8.1 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | zyxel | usg_flex_100_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_100 | - | No |
| Operating System | zyxel | usg_flex_100w_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_100w | - | No |
| Operating System | zyxel | usg_flex_200_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_200 | - | No |
| Operating System | zyxel | usg_flex_50_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_50 | - | No |
| Operating System | zyxel | usg_flex_50w_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_50w | - | No |
| Operating System | zyxel | usg_flex_500_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_500 | - | No |
| Operating System | zyxel | usg_flex_700_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | usg_flex_700 | - | No |
| Operating System | zyxel | vpn100_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | vpn100 | - | No |
| Operating System | zyxel | vpn1000_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | vpn1000 | - | No |
| Operating System | zyxel | vpn300_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | vpn300 | - | No |
| Operating System | zyxel | vpn50_firmware | ≤ 5.35 | Yes |
| Hardware | zyxel | vpn50 | - | No |