Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35136

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Published

2023-11-28T02:15:42.143

Last Modified

2024-11-21T08:08:00.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	zld	≤ 5.37	Yes
Hardware	zyxel	atp100	-	No
Hardware	zyxel	atp100w	-	No
Hardware	zyxel	atp200	-	No
Hardware	zyxel	atp500	-	No
Hardware	zyxel	atp700	-	No
Hardware	zyxel	atp800	-	No
Operating System	zyxel	zld	≤ 5.37	Yes
Hardware	zyxel	usg_flex_100	-	No
Hardware	zyxel	usg_flex_100w	-	No
Hardware	zyxel	usg_flex_200	-	No
Hardware	zyxel	usg_flex_50	-	No
Hardware	zyxel	usg_flex_500	-	No
Hardware	zyxel	usg_flex_50w	-	No
Hardware	zyxel	usg_flex_700	-	No
Operating System	zyxel	zld	≤ 5.37	Yes
Hardware	zyxel	usg_20w-vpn	-	No
Hardware	zyxel	vpn50w	-	No
Operating System	zyxel	zld	≤ 5.37	Yes
Hardware	zyxel	vpn100	-	No
Hardware	zyxel	vpn1000	-	No
Hardware	zyxel	vpn300	-	No
Hardware	zyxel	vpn50	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps Vendor Advisory ([email protected])
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)