Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.

Published

2024-02-20T02:15:49.407

Last Modified

2025-01-21T18:36:34.413

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-134
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	atp100_firmware	< 5.37	Yes
Operating System	zyxel	atp100_firmware	5.37	Yes
Operating System	zyxel	atp100_firmware	5.37	Yes
Hardware	zyxel	atp100	-	No
Operating System	zyxel	atp100w_firmware	< 5.37	Yes
Operating System	zyxel	atp100w_firmware	5.37	Yes
Operating System	zyxel	atp100w_firmware	5.37	Yes
Hardware	zyxel	atp100w	-	No
Operating System	zyxel	atp200_firmware	< 5.37	Yes
Operating System	zyxel	atp200_firmware	5.37	Yes
Operating System	zyxel	atp200_firmware	5.37	Yes
Hardware	zyxel	atp200	-	No
Operating System	zyxel	atp500_firmware	< 5.37	Yes
Operating System	zyxel	atp500_firmware	5.37	Yes
Operating System	zyxel	atp500_firmware	5.37	Yes
Hardware	zyxel	atp500	-	No
Operating System	zyxel	atp700_firmware	< 5.37	Yes
Operating System	zyxel	atp700_firmware	5.37	Yes
Operating System	zyxel	atp700_firmware	5.37	Yes
Hardware	zyxel	atp700	-	No
Operating System	zyxel	atp800_firmware	< 5.37	Yes
Operating System	zyxel	atp800_firmware	5.37	Yes
Operating System	zyxel	atp800_firmware	5.37	Yes
Hardware	zyxel	atp800	-	No
Operating System	zyxel	usg_flex_100_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_100_firmware	5.37	Yes
Operating System	zyxel	usg_flex_100_firmware	5.37	Yes
Hardware	zyxel	usg_flex_100	-	No
Operating System	zyxel	usg_flex_100ax_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_100ax_firmware	5.37	Yes
Operating System	zyxel	usg_flex_100ax_firmware	5.37	Yes
Hardware	zyxel	usg_flex_100ax	-	No
Operating System	zyxel	usg_flex_100h_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_100h_firmware	5.37	Yes
Operating System	zyxel	usg_flex_100h_firmware	5.37	Yes
Hardware	zyxel	usg_flex_100h	-	No
Operating System	zyxel	usg_flex_100w_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_100w_firmware	5.37	Yes
Operating System	zyxel	usg_flex_100w_firmware	5.37	Yes
Hardware	zyxel	usg_flex_100w	-	No
Operating System	zyxel	usg_flex_200_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_200_firmware	5.37	Yes
Operating System	zyxel	usg_flex_200_firmware	5.37	Yes
Hardware	zyxel	usg_flex_200	-	No
Operating System	zyxel	usg_flex_200h_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_200h_firmware	5.37	Yes
Operating System	zyxel	usg_flex_200h_firmware	5.37	Yes
Hardware	zyxel	usg_flex_200h	-	No
Operating System	zyxel	usg_flex_200hp_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_200hp_firmware	5.37	Yes
Operating System	zyxel	usg_flex_200hp_firmware	5.37	Yes
Hardware	zyxel	usg_flex_200hp	-	No
Operating System	zyxel	usg_flex_500_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_500_firmware	5.37	Yes
Operating System	zyxel	usg_flex_500_firmware	5.37	Yes
Hardware	zyxel	usg_flex_500	-	No
Operating System	zyxel	usg_flex_500h_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_500h_firmware	5.37	Yes
Operating System	zyxel	usg_flex_500h_firmware	5.37	Yes
Hardware	zyxel	usg_flex_500h	-	No
Operating System	zyxel	usg_flex_700_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_700_firmware	5.37	Yes
Operating System	zyxel	usg_flex_700_firmware	5.37	Yes
Hardware	zyxel	usg_flex_700	-	No
Operating System	zyxel	usg_flex_700h_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_700h_firmware	5.37	Yes
Operating System	zyxel	usg_flex_700h_firmware	5.37	Yes
Hardware	zyxel	usg_flex_700h	-	No
Operating System	zyxel	usg_flex_50_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_50_firmware	5.37	Yes
Operating System	zyxel	usg_flex_50_firmware	5.37	Yes
Hardware	zyxel	usg_flex_50	-	No
Operating System	zyxel	usg_flex_50w_firmware	< 5.37	Yes
Operating System	zyxel	usg_flex_50w_firmware	5.37	Yes
Operating System	zyxel	usg_flex_50w_firmware	5.37	Yes
Hardware	zyxel	usg_flex_50w	-	No
Operating System	zyxel	usg20-vpn_firmware	< 5.37	Yes
Operating System	zyxel	usg20-vpn_firmware	5.37	Yes
Operating System	zyxel	usg20-vpn_firmware	5.37	Yes
Hardware	zyxel	usg20-vpn	-	No
Operating System	zyxel	usg20w-vpn_firmware	< 5.37	Yes
Operating System	zyxel	usg20w-vpn_firmware	5.37	Yes
Operating System	zyxel	usg20w-vpn_firmware	5.37	Yes
Hardware	zyxel	usg20w-vpn	-	No
Operating System	zyxel	uos	1.10	Yes
Operating System	zyxel	uos	1.10	Yes
Hardware	zyxel	usg_flex_100h	-	No
Hardware	zyxel	usg_flex_100hp	-	No
Hardware	zyxel	usg_flex_200h	-	No
Hardware	zyxel	usg_flex_200hp	-	No
Hardware	zyxel	usg_flex_500h	-	No
Hardware	zyxel	usg_flex_700h	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024 Vendor Advisory ([email protected])
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)