VYPR
Unrated severity · NVD Advisory · Published Jul 17, 2023 · Updated Oct 29, 2024

CVE-2023-34141

Description

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection in Zyxel AP management lets an unauthenticated LAN attacker execute OS commands if an admin has added their IP to the managed AP list.

Vulnerability

A command injection vulnerability exists in the access point (AP) management feature of Zyxel ATP (5.00 through 5.36 Patch 2), USG FLEX (5.00 through 5.36 Patch 2), USG FLEX 50(W) (5.00 through 5.36 Patch 2), USG20(W)-VPN (5.00 through 5.36 Patch 2), VPN (5.00 through 5.36 Patch 2), NXC2500 (6.10(AAIG.0) through 6.10(AAIG.3)), and NXC5500 (6.10(AAOS.0) through 6.10(AAOS.4)) firmware versions. The flaw specifically resides in the handling of managed AP IP addresses, where user-supplied input is not properly sanitized before being used in OS commands [1].

Exploitation

An attacker must be on the same LAN segment as the affected device. The attack requires a prior action from an authorized administrator: the admin must have added the attacker's IP address to the list of managed APs. Once that IP is on the list, an unauthenticated, LAN-based attacker can exploit the command injection to execute arbitrary OS commands on the device [1].

Impact

Successful exploitation allows an unauthenticated, LAN-based attacker to execute operating system commands on the vulnerable device. This can lead to full compromise of the device's confidentiality, integrity, and availability, as the attacker can read, modify, or delete data, install malware, or disrupt operations [1].

Mitigation

Zyxel has released patches for all affected firmware versions. Users should update to the latest firmware versions as indicated in the security advisory [1]. No workaround is provided; installing the patched firmware is the only recommended mitigation.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Zyxel/ATP series · cpe-rescue
    Range: 5.00 through 5.36 Patch 2
  • Zyxel/NXC2500 firmware · v5
    Range: 6.10(AAIG.0) through 6.10(AAIG.3)
  • Zyxel/NXC5500 firmware · v5
    Range: 6.10(AAOS.0) through 6.10(AAOS.4)
  • Range: 5.00 through 5.36 Patch 2
  • Zyxel/USG FLEX series · cpe-rescue · 2 versions
    5.00 through 5.36 Patch 2 + 1 more
    • (no CPE) range: 5.00 through 5.36 Patch 2
    • (no CPE) range: 5.00 through 5.36 Patch 2
  • Zyxel/VPN series · cpe-rescue
    Range: 5.00 through 5.36 Patch 2

Patches

0

No patches discovered yet.

References

1
