{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22918", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "dateUpdated": "2024-08-02T10:20:31.470Z", "dateReserved": "2023-01-10T00:00:00", "datePublished": "2023-04-24T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-04-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."}], "affected": [{"vendor": "Zyxel", "product": "ATP series firmware", "versions": [{"version": "4.32 through 5.35", "status": "affected"}]}, {"vendor": "Zyxel", "product": "USG FLEX series firmware", "versions": [{"version": "4.50 through 5.35", "status": "affected"}]}, {"vendor": "Zyxel", "product": "USG FLEX 50(W) firmware", "versions": [{"version": "4.16 through 5.35", "status": "affected"}]}, {"vendor": "Zyxel", "product": "USG20(W)-VPN firmware", "versions": [{"version": "4.16 through 5.35", "status": "affected"}]}, {"vendor": "Zyxel", "product": "VPN series firmware", "versions": [{"version": "4.30 through 5.35", "status": "affected"}]}, {"vendor": "Zyxel", "product": "NWA110AX firmware", "versions": [{"version": "<= 6.50(ABTG.2)", "status": "affected"}]}, {"vendor": "Zyxel", "product": "WAC500 firmware", "versions": [{"version": "<= 6.50(ABVS.0)", "status": "affected"}]}, {"vendor": "Zyxel", "product": "WAX510D firmware", "versions": [{"version": "<= 6.50(ABTF.2)", "status": "affected"}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "cweId": "CWE-359"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.470Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA", "versionEndExcluding": "5.36", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05", "versionEndExcluding": "5.36", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD", "versionEndExcluding": "5.36", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5", "versionEndExcluding": "5.36", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450", "versionEndExcluding": "5.36", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684", "versionEndExcluding": "5.36", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6", "versionEndExcluding": "5.36", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D", "versionEndExcluding": "5.36", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF", "versionEndExcluding": "5.36", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5", "versionEndExcluding": "5.36", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865", "versionEndExcluding": "5.36", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D65F0EC-7ACA-4B80-8D4E-2C1459837D15", "versionEndExcluding": "5.36", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48", "versionEndExcluding": "5.36", "versionStartIncluding": "4.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F61480ED-BBF0-49EC-A814-CEFDE1FBFA08", "versionEndExcluding": "5.36", "versionStartIncluding": "4.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2", "versionEndExcluding": "5.36", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8", "versionEndExcluding": "5.36", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332", "versionEndExcluding": "5.36", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0", "versionEndExcluding": "5.36", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1", "versionEndExcluding": "5.36", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85AA4E30-0A0E-4353-B88D-A856B83162DF", "versionEndIncluding": "6.28\\(abfa.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*", "matchCriteriaId": "80AE2CEA-90AC-421A-86BB-F404CDE7785D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36AD6F34-B17E-4853-9375-62B51DE5F1D2", "versionEndIncluding": "6.28\\(abex.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4BF5D4C-DB8E-4077-BE78-C73AA203406C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49E8EA12-187E-402B-866A-9125B2287292", "versionEndIncluding": "6.28\\(abey.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BCEC13E-3D1C-4B42-87F5-94FE1066C218", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58E64F26-5465-4BD8-A948-39022B5AAA52", "versionEndIncluding": "6.50\\(abtg.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123-ac_hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8DEEFBF-DD32-40E5-A431-BE6A93D529A4", "versionEndIncluding": "6.25\\(abin.9\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123-ac_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A0FB576-76A2-4A25-979E-5E5B3BF5C636", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3448A074-A9B8-40BD-8DFA-E7097E402750", "versionEndIncluding": "6.28\\(abhd.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DC66B07-67FB-47F6-B54B-E40BE89F33A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFC6F464-DAE9-42CE-9339-C5E35B90B17B", "versionEndIncluding": "6.50\\(abvt.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE46E92-D9DD-439C-BD41-88738FA652B7", "versionEndIncluding": "6.50\\(abtd.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DECB1230-D22C-4FBD-909C-6315B66B189D", "versionEndIncluding": "6.50\\(acco.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B73F329-98E5-496F-BE38-47DD023DCB64", "versionEndIncluding": "6.55\\(acge.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5804045-E32E-40E0-B42E-80755C385974", "versionEndIncluding": "6.50\\(acge.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa5123-ac_hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "881C0001-B6CA-409D-8901-653227098219", "versionEndIncluding": "6.25\\(abim.9\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa5123-ac_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D85300F-9207-438C-A149-80FC7C6C0746", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4484EA94-3E1D-4DA8-B612-A35D50DC1103", "versionEndIncluding": "6.29\\(abzl.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D091EB4-A1FC-4E5F-AEE2-6EF879DC5B0A", "versionEndIncluding": "6.29\\(accv.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4FF6556-2B10-4A8C-9325-0A6D4B41E529", "versionEndIncluding": "6.50\\(acgf.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D277464-AF76-4799-9B71-E96CB12BE0C0", "versionEndIncluding": "6.50\\(abvs.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57DFDE05-C95F-446B-BA97-98EBA11C9794", "versionEndIncluding": "6.50\\(abwa.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84A8FBD7-8461-474E-AFB1-BCAE24D4A2CD", "versionEndIncluding": "6.25\\(abvz.9\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A690501F-DC2D-4F90-ABC0-33B5F1279C36", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DF539FD-EDEA-4D37-8F1C-267884A617EF", "versionEndIncluding": "6.28\\(aaxh.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*", "matchCriteriaId": "341DB051-7F01-4B36-BA15-EBC25FACB439", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "622C2163-0B2F-4A32-B5C4-4111B8EC9096", "versionEndIncluding": "6.25\\(abgl.9\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A929856C-58D2-41AB-9EAC-E655123FD4FE", "versionEndIncluding": "6.28\\(aasd.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD8842C8-FB0A-46F0-9BB4-CAC6334D1E51", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB36BF49-E31B-4F35-84B9-3EF20989FE2A", "versionEndIncluding": "6.28\\(aase.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD108388-ABE5-4142-910F-C3C8B1C13617", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCA23320-A0E2-4A63-A20A-1F5FD7504C5F", "versionEndIncluding": "6.28\\(aasf.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E49B6FA1-4FCE-4802-8FCA-988048D9A595", "versionEndIncluding": "6.28\\(abio.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD47738A-9001-4CC1-8FED-1D1CFC56F548", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6553d-e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD253268-2B7D-43BF-86BD-E603A52FD98A", "versionEndIncluding": "6.28\\(aasg.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6553d-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "55273BCE-4F2C-4ED9-9FCB-D1197555BD53", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0C89819-CCB6-42A0-8045-850D544D1BBA", "versionEndIncluding": "6.50\\(abtf.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA21E78C-585A-4689-96B7-18C5DB44D2DE", "versionEndIncluding": "6.50\\(abte.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B470158-EE21-45EB-BDEC-5396DE9CB23C", "versionEndIncluding": "6.50\\(accn.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "43DD5397-02A9-40DD-BD02-052095CB8DDB", "versionEndIncluding": "6.50\\(abzd.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F946BABC-A982-4625-AD9F-962C6FBDFDE9", "versionEndIncluding": "6.50\\(accm.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2260165C-2483-4F48-8E70-DC82B5DA1554", "versionEndIncluding": "6.50\\(abrm.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B0AE56-107B-41E2-A06A-BC8DC0A32FE7", "versionEndIncluding": "6.50\\(acdo.2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."}], "id": "CVE-2023-22918", "lastModified": "2023-06-12T15:40:49.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2023-04-24T18:15:09.027", "references": [{"source": "security@zyxel.com.tw", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-359"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}

{}