VYPR
Unrated severity · NVD Advisory · Published Feb 20, 2024 · Updated Aug 25, 2024

CVE-2023-6398

Description

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.

Affected products

11
  • Zyxel/NWA50AX (llm-fuzzy)
    Range: <=6.29(ABYW.3)
  • Zyxel/ATP series (llm-fuzzy, 2 versions)
    • (no CPE) range: >=4.32, <=5.37 Patch 1
    • (no CPE) range: version 4.32 through 5.37 Patch 1
  • Zyxel/NWA50AX firmware (v5)
    Range: < 6.29(ABYW.4)
  • Range: version 4.16 through 5.37 Patch 1
  • Zyxel/USG FLEX series (cpe-rescue, 3 versions)
    • (no CPE) range: version 4.16 through 5.37 Patch 1
    • (no CPE) range: version 1.10 through 1.10 Patch 1
    • (no CPE) range: version 4.50 through 5.37 Patch 1
  • Zyxel/WAC500 firmware (v5)
    Range: < 6.70(ABVS.1)
  • Zyxel/WAX300H firmware (v5)
    Range: < 6.70(ACHF.1)
  • Zyxel/WBE660S firmware (v5)
    Range: < 6.70(ACGG.1)
