CVE-2023-22918

24.04.2023, 18:15

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Zyxel	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
zyxel	atp200_firmware	4.32 ≤ 𝑥 < 5.36
zyxel	atp100_firmware	4.32 ≤ 𝑥 < 5.36
zyxel	atp700_firmware	4.32 ≤ 𝑥 < 5.36
zyxel	atp500_firmware	4.32 ≤ 𝑥 < 5.36
zyxel	atp100w_firmware	4.32 ≤ 𝑥 < 5.36
zyxel	atp800_firmware	4.32 ≤ 𝑥 < 5.36
zyxel	usg_flex_100_firmware	4.50 ≤ 𝑥 < 5.36
zyxel	usg_flex_50_firmware	4.50 ≤ 𝑥 < 5.36
zyxel	usg_flex_200_firmware	4.50 ≤ 𝑥 < 5.36
zyxel	usg_flex_500_firmware	4.50 ≤ 𝑥 < 5.36
zyxel	usg_flex_700_firmware	4.50 ≤ 𝑥 < 5.36
zyxel	usg_flex_100w_firmware	4.50 ≤ 𝑥 < 5.36
zyxel	usg_20w-vpn_firmware	4.16 ≤ 𝑥 < 5.36
zyxel	usg_flex_50w_firmware	4.16 ≤ 𝑥 < 5.36
zyxel	usg20-vpn_firmware	4.30 ≤ 𝑥 < 5.36
zyxel	vpn100_firmware	4.30 ≤ 𝑥 < 5.36
zyxel	vpn1000_firmware	4.30 ≤ 𝑥 < 5.36
zyxel	vpn300_firmware	4.30 ≤ 𝑥 < 5.36
zyxel	vpn50_firmware	4.30 ≤ 𝑥 < 5.36
zyxel	nap203_firmware	𝑥 ≤ 6.28\(abfa.0\)
zyxel	nap303_firmware	𝑥 ≤ 6.28\(abex.0\)
zyxel	nap353_firmware	𝑥 ≤ 6.28\(abey.0\)
zyxel	nwa110ax_firmware	𝑥 ≤ 6.50\(abtg.2\)
zyxel	nwa1123-ac_hd_firmware	𝑥 ≤ 6.25\(abin.9\)
zyxel	nwa1123-ac-pro_firmware	𝑥 ≤ 6.28\(abhd.0\)
zyxel	nwa1123acv3_firmware	𝑥 ≤ 6.50\(abvt.0\)
zyxel	nwa210ax_firmware	𝑥 ≤ 6.50\(abtd.2\)
zyxel	nwa220ax-6e_firmware	𝑥 ≤ 6.50\(acco.2\)
zyxel	nwa50ax_firmware	𝑥 ≤ 6.55\(acge.1\)
zyxel	nwa50ax-pro_firmware	𝑥 ≤ 6.50\(acge.0\)
zyxel	nwa5123-ac_hd_firmware	𝑥 ≤ 6.25\(abim.9\)
zyxel	nwa55axe_firmware	𝑥 ≤ 6.29\(abzl.1\)
zyxel	nwa90ax_firmware	𝑥 ≤ 6.29\(accv.1\)
zyxel	nwa90ax-pro_firmware	𝑥 ≤ 6.50\(acgf.0\)
zyxel	wac500_firmware	𝑥 ≤ 6.50\(abvs.0\)
zyxel	wac500h_firmware	𝑥 ≤ 6.50\(abwa.0\)
zyxel	wac5302d-sv2_firmware	𝑥 ≤ 6.25\(abvz.9\)
zyxel	wac6103d-i_firmware	𝑥 ≤ 6.28\(aaxh.0\)
zyxel	wac6303d-s_firmware	𝑥 ≤ 6.25\(abgl.9\)
zyxel	wac6502d-e_firmware	𝑥 ≤ 6.28\(aasd.0\)
zyxel	wac6502d-s_firmware	𝑥 ≤ 6.28\(aase.0\)
zyxel	wac6503d-s_firmware	𝑥 ≤ 6.28\(aasf.0\)
zyxel	wac6552d-s_firmware	𝑥 ≤ 6.28\(abio.0\)
zyxel	wac6553d-e_firmware	𝑥 ≤ 6.28\(aasg.0\)
zyxel	wax510d_firmware	𝑥 ≤ 6.50\(abtf.2\)
zyxel	wax610d_firmware	𝑥 ≤ 6.50\(abte.2\)
zyxel	wax620d-6e_firmware	𝑥 ≤ 6.50\(accn.2\)
zyxel	wax630s_firmware	𝑥 ≤ 6.50\(abzd.2\)
zyxel	wax640s-6e_firmware	𝑥 ≤ 6.50\(accm.2\)
zyxel	wax650s_firmware	𝑥 ≤ 6.50\(abrm.2\)
zyxel	wax655e_firmware	𝑥 ≤ 6.50\(acdo.2\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps