USG FLEX

CVEs (4)

CVE	Vendor / Product	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2023-28771	Hola VPN	0.23	—	0.94	KEV	Apr 25, 2023	Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…
CVE-2023-34139	Zyxel USG FLEX series	0.00	—	0.00		Jul 17, 2023	A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS…
CVE-2023-22913	Zyxel USG FLEX series	0.00	—	0.01		Apr 24, 2023	A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify…
CVE-2023-22914	Zyxel USG FLEX series	0.00	—	0.01		Apr 24, 2023	A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute…

CVE-2023-28771KEVApr 25, 2023
Hola
VPN
risk 0.23cvss —epss 0.94
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…
CVE-2023-34139Jul 17, 2023
Zyxel
USG FLEX series
risk 0.00cvss —epss 0.00
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS…
CVE-2023-22913Apr 24, 2023
Zyxel
USG FLEX series
risk 0.00cvss —epss 0.01
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify…
CVE-2023-22914Apr 24, 2023
Zyxel
USG FLEX series
risk 0.00cvss —epss 0.01
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute…