An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
History
01 Dec 2023, 21:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:* |
|
| First Time |
Zyxel vpn1000
Zyxel usg Flex 50w Zyxel Zyxel vpn300 Zyxel usg Flex 700 Zyxel vpn50 Zyxel usg Flex 500 Zyxel usg Flex 100 Zyxel usg Flex 100w Zyxel zld Zyxel usg Flex 200 Zyxel vpn100 Zyxel usg Flex 50 |
|
| References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-apsĀ - Vendor Advisory |
28 Nov 2023, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-28 03:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-5960
Mitre link : CVE-2023-5960
CVE.ORG link : CVE-2023-5960
JSON object : View
Products Affected
zyxel
- vpn100
- zld
- vpn1000
- vpn50
- usg_flex_50
- usg_flex_50w
- usg_flex_500
- usg_flex_100w
- usg_flex_100
- usg_flex_700
- usg_flex_200
- vpn300
CWE
CWE-269
Improper Privilege Management