Filtered by vendor Zyxel Subscriptions
Filtered by product Atp Series Firmware Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28767 1 Zyxel 47 Atp Series Firmware, Usg 20w-vpn, Usg 20w-vpn Firmware and 44 more 2024-11-07 8.8 High
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.