CVE-2023-34138

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Jul 17, 2023

Updated: Jul 26, 2023

CWE ID 78

Summary

CVE-2023-34138 is a command injection vulnerability affecting multiple Zyxel firmware versions, including those used by the ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN series. An attacker, located on the LAN and able to trick an administrator into adding their IP address to the list of trusted RADIUS clients, could exploit this vulnerability to execute certain OS commands on an affected device, posing a potential security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 100 Firmware
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 700 Firmware

Affected Vendors

ZyXEL

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sBpdPQ
https://www.cve.org/CVERecord?id=CVE-2023-34138
https://nvd.nist.gov/vuln/detail/CVE-2023-34138

Back to Vulnerability Database