CVE-2023-22914
Description
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal in Zyxel USG FLEX/VPN series account_print.cgi allows authenticated admin to execute OS commands via crafted file upload when hotspot is enabled.
Vulnerability
A path traversal vulnerability exists in the account_print.cgi CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35 and VPN series firmware versions 4.30 through 5.35. The flaw allows a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the /tmp directory by uploading a crafted file, provided the hotspot function is enabled on the device.
Exploitation
An attacker must have valid administrator credentials and network access to the device (note that WAN access is disabled by default, so LAN or VPN access is typically required). The hotspot feature must be enabled. The attacker uploads a specially crafted file via the account_print.cgi endpoint, exploiting the path traversal to achieve command execution in the /tmp directory.
Impact
Successful exploitation allows the attacker to execute arbitrary OS commands within the /tmp directory, potentially leading to further compromise of the device, including data exfiltration, configuration modification, or denial of service.
Mitigation
Zyxel has released firmware updates to address this vulnerability. Users should upgrade to the latest firmware version as recommended in the vendor advisory [1]. No workarounds are documented; enabling hotspot only when necessary and restricting administrative access can reduce risk.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- VPN series firmware: range 4.30 through 5.35 (no CPE)
- USG FLEX series firmware: range 4.50 through 5.35 (no CPE)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.