Sign-up

ID

VAR-202304-1973


CVE

CVE-2023-22918


TITLE

plural  ZyXEL  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-009355

DESCRIPTION

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. ATP200 firmware, ATP100 firmware, ATP700 firmware etc. ZyXEL There are unspecified vulnerabilities in the product.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2023-22918 // JVNDB: JVNDB-2023-009355 // VULMON: CVE-2023-22918

AFFECTED PRODUCTS

vendor:zyxelmodel:nap303scope:lteversion:6.28\(abex.0\)

Trust: 1.0

vendor:zyxelmodel:atp500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:nwa1123acv3scope:lteversion:6.50\(abvt.0\)

Trust: 1.0

vendor:zyxelmodel:wac6503d-sscope:lteversion:6.28\(aasf.0\)

Trust: 1.0

vendor:zyxelmodel:atp700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:wac6502d-sscope:lteversion:6.28\(aase.0\)

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:wac6553d-escope:lteversion:6.28\(aasg.0\)

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:wac6103d-iscope:lteversion:6.28\(aaxh.0\)

Trust: 1.0

vendor:zyxelmodel:nwa1123-ac hdscope:lteversion:6.25\(abin.9\)

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:wax655escope:lteversion:6.50\(acdo.2\)

Trust: 1.0

vendor:zyxelmodel:wac500scope:lteversion:6.50\(abvs.0\)

Trust: 1.0

vendor:zyxelmodel:nwa50ax-proscope:lteversion:6.50\(acge.0\)

Trust: 1.0

vendor:zyxelmodel:wax620d-6escope:lteversion:6.50\(accn.2\)

Trust: 1.0

vendor:zyxelmodel:nwa1123-ac-proscope:lteversion:6.28\(abhd.0\)

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:nwa210axscope:lteversion:6.50\(abtd.2\)

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:4.16

Trust: 1.0

vendor:zyxelmodel:atp100wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:nap353scope:lteversion:6.28\(abey.0\)

Trust: 1.0

vendor:zyxelmodel:wax610dscope:lteversion:6.50\(abte.2\)

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:wax650sscope:lteversion:6.50\(abrm.2\)

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:wac500hscope:lteversion:6.50\(abwa.0\)

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:nwa5123-ac hdscope:lteversion:6.25\(abim.9\)

Trust: 1.0

vendor:zyxelmodel:nwa50axscope:lteversion:6.55\(acge.1\)

Trust: 1.0

vendor:zyxelmodel:nap203scope:lteversion:6.28\(abfa.0\)

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:nwa110axscope:lteversion:6.50\(abtg.2\)

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:nwa90axscope:lteversion:6.29\(accv.1\)

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:gteversion:4.16

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:nwa55axescope:lteversion:6.29\(abzl.1\)

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:wac5302d-sv2scope:lteversion:6.25\(abvz.9\)

Trust: 1.0

vendor:zyxelmodel:wac6303d-sscope:lteversion:6.25\(abgl.9\)

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:wac6552d-sscope:lteversion:6.28\(abio.0\)

Trust: 1.0

vendor:zyxelmodel:wac6502d-escope:lteversion:6.28\(aasd.0\)

Trust: 1.0

vendor:zyxelmodel:nwa220ax-6escope:lteversion:6.50\(acco.2\)

Trust: 1.0

vendor:zyxelmodel:wax510dscope:lteversion:6.50\(abtf.2\)

Trust: 1.0

vendor:zyxelmodel:wax640s-6escope:lteversion:6.50\(accm.2\)

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:nwa90ax-proscope:lteversion:6.50\(acgf.0\)

Trust: 1.0

vendor:zyxelmodel:wax630sscope:lteversion:6.50\(abzd.2\)

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:atp100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg 20-vpnscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn1000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:nap203scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg20-vpnscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp800scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn300scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009355 // NVD: CVE-2023-22918

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-22918
value: MEDIUM

Trust: 1.8

security@zyxel.com.tw: CVE-2023-22918
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202304-1945
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-22918
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009355 // NVD: CVE-2023-22918 // NVD: CVE-2023-22918 // CNNVD: CNNVD-202304-1945

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009355 // NVD: CVE-2023-22918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-1945

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-1945

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-22918

PATCH
title:Zyxel ATP Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235566
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202304-1945

EXTERNAL IDS
db:NVDid:CVE-2023-22918
Trust: 3.3
db:JVNDBid:JVNDB-2023-009355
Trust: 0.8
db:CNNVDid:CNNVD-202304-1945
Trust: 0.6
db:VULMONid:CVE-2023-22918
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-22918 // 
            
            
            
            JVNDB: JVNDB-2023-009355 // 
            
            
            
            NVD: CVE-2023-22918 // 
            
            
            
            CNNVD: CNNVD-202304-1945

REFERENCES
url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-22918
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-22918/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-22918 // 
            
            
            
            JVNDB: JVNDB-2023-009355 // 
            
            
            
            NVD: CVE-2023-22918 // 
            
            
            
            CNNVD: CNNVD-202304-1945

SOURCES
db:VULMONid:CVE-2023-22918
db:JVNDBid:JVNDB-2023-009355
db:NVDid:CVE-2023-22918
db:CNNVDid:CNNVD-202304-1945

LAST UPDATE DATE
2023-12-18T12:54:24.930000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-22918date:2023-04-25T00:00:00
db:JVNDBid:JVNDB-2023-009355date:2023-12-05T06:29:00
db:NVDid:CVE-2023-22918date:2023-06-12T15:40:49.187
db:CNNVDid:CNNVD-202304-1945date:2023-05-04T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-22918date:2023-04-24T00:00:00
db:JVNDBid:JVNDB-2023-009355date:2023-12-05T00:00:00
db:NVDid:CVE-2023-22918date:2023-04-24T18:15:09.027
db:CNNVDid:CNNVD-202304-1945date:2023-04-24T00:00:00