A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.
Metrics
Affected Vendors & Products
References
History
Wed, 12 Feb 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Zyxel
Published:
Updated: 2025-02-12T16:21:34.031Z
Reserved: 2023-01-10T00:00:00.000Z
Link: CVE-2023-22913

Updated: 2024-08-02T10:20:31.464Z

Status : Modified
Published: 2023-04-24T17:15:09.550
Modified: 2024-11-21T07:45:38.187
Link: CVE-2023-22913

No data.