CVE-2023-22914

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.

*Credits: N/A

CVSS Scores

NISTv3.1 7.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-01-10 CVE Reserved
2023-04-24 CVE Published
2024-05-26 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps	2023-05-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zyxel Search vendor "Zyxel"	Usg Flex 100 Firmware Search vendor "Zyxel" for product "Usg Flex 100 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 100 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 100 Search vendor "Zyxel" for product "Usg Flex 100"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 100w Firmware Search vendor "Zyxel" for product "Usg Flex 100w Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 100w Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 100w Search vendor "Zyxel" for product "Usg Flex 100w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 200 Firmware Search vendor "Zyxel" for product "Usg Flex 200 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 200 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 200 Search vendor "Zyxel" for product "Usg Flex 200"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 50 Firmware Search vendor "Zyxel" for product "Usg Flex 50 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 50 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 50 Search vendor "Zyxel" for product "Usg Flex 50"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 50w Firmware Search vendor "Zyxel" for product "Usg Flex 50w Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 50w Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 50w Search vendor "Zyxel" for product "Usg Flex 50w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 500 Firmware Search vendor "Zyxel" for product "Usg Flex 500 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 500 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 500 Search vendor "Zyxel" for product "Usg Flex 500"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 700 Firmware Search vendor "Zyxel" for product "Usg Flex 700 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Usg Flex 700 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 700 Search vendor "Zyxel" for product "Usg Flex 700"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn100 Firmware Search vendor "Zyxel" for product "Vpn100 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Vpn100 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn100 Search vendor "Zyxel" for product "Vpn100"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn1000 Firmware Search vendor "Zyxel" for product "Vpn1000 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Vpn1000 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn1000 Search vendor "Zyxel" for product "Vpn1000"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn300 Firmware Search vendor "Zyxel" for product "Vpn300 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Vpn300 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn300 Search vendor "Zyxel" for product "Vpn300"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn50 Firmware Search vendor "Zyxel" for product "Vpn50 Firmware"	>= 4.50 <= 5.35 Search vendor "Zyxel" for product "Vpn50 Firmware" and version " >= 4.50 <= 5.35"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn50 Search vendor "Zyxel" for product "Vpn50"	-	-	Safe