CVE-2023-22918
Description
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Post-authentication information exposure in Zyxel firewalls and APs allows remote authenticated attackers to retrieve encrypted administrator information.
Vulnerability
A post-authentication information exposure vulnerability exists in the CGI program of multiple Zyxel device series. Affected firmware versions include: ATP series firmware versions 4.32 through 5.35; USG FLEX series firmware versions 4.50 through 5.35; USG FLEX 50(W) firmware versions 4.16 through 5.35; USG20(W)-VPN firmware versions 4.16 through 5.35; VPN series firmware versions 4.30 through 5.35; NWA110AX firmware version 6.50(ABTG.2) and earlier; WAC500 firmware version 6.50(ABVS.0) and earlier; and WAX510D firmware version 6.50(ABTF.2) and earlier [1]. The vulnerability allows an authenticated remote attacker to retrieve encrypted information of the administrator on an affected device.
Exploitation
To exploit this vulnerability, an attacker must have valid credentials to authenticate to the device's management interface. No other special network position or user interaction is required beyond authentication. The exact attack vector is via a CGI program that exposes encrypted administrator data upon authenticated request [1].
Impact
A successful exploit allows the attacker to retrieve encrypted information belonging to the administrator. While the information is encrypted, its exposure could facilitate further attacks or lateral movement if the encryption can be bypassed or if the encrypted data reveals sensitive patterns. The confidentiality impact is limited to encrypted data, but the leakage still represents an information exposure [1].
Mitigation
Zyxel has released firmware updates to address this vulnerability. Users should update their devices to the latest firmware versions as specified in the security advisory [1]. For specific version details, refer to the advisory linked in the references. No workaround is mentioned; full mitigation requires installing the patch.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11- Range: 4.16 through 5.35
4.32 through 5.35+ 1 more
- (no CPE)range: 4.32 through 5.35
- (no CPE)range: 4.32 through 5.35
4.50 through 5.35+ 1 more
- (no CPE)range: 4.50 through 5.35
- (no CPE)range: 4.50 through 5.35
- Range: <= 6.50(ABTG.2)
- Zyxel/USG20(W)-VPN firmwarev5Range: 4.16 through 5.35
- Zyxel/USG FLEX 50(W) firmwarev5Range: 4.16 through 5.35
- Range: 4.30 through 5.35
- Zyxel/WAC500 firmwarev5Range: <= 6.50(ABVS.0)
- Zyxel/WAX510D firmwarev5Range: <= 6.50(ABTF.2)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.