VYPR
Unrated severity · NVD Advisory · Published Jul 17, 2023 · Updated Oct 30, 2024

CVE-2023-34138

Description

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in Zyxel firewall hotspot management allows unauthenticated LAN attackers to execute OS commands if an admin adds their IP to trusted RADIUS clients.

Vulnerability

A command injection vulnerability exists in the hotspot management feature of Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN series firmware versions 4.60 through 5.36 Patch 2. The vulnerability allows an unauthenticated, LAN-based attacker to execute arbitrary OS commands on the device if an authorized administrator has previously added the attacker's IP address to the list of trusted RADIUS clients [1].

Exploitation

To exploit this vulnerability, an attacker must have LAN access and trick an authorized administrator into adding their IP address to the trusted RADIUS client list. Once added, the attacker can send specially crafted input to the hotspot management feature, leading to command injection and execution of arbitrary OS commands [1].

Impact

Successful exploitation allows an unauthenticated attacker to execute arbitrary OS commands on the affected device. This can lead to full compromise of the device, including unauthorized access, data disclosure, and further network attacks [1].

Mitigation

Zyxel has released patches to fix this vulnerability. Users are advised to update their firmware to the latest version. The fixed versions are available in the vendor advisory [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 5

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)