A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-38241 A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 29 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Zyxel usg Flex Firmware
Zyxel vpn Firmware
CPEs cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn_firmware:*:*:*:*:*:*:*:*
Vendors & Products Zyxel usg Flex Firmware
Zyxel vpn Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2024-10-29T16:19:03.216Z

Reserved: 2023-05-26T03:44:51.339Z

Link: CVE-2023-34139

cve-icon Vulnrichment

Updated: 2024-08-02T16:01:54.148Z

cve-icon NVD

Status : Modified

Published: 2023-07-17T18:15:09.607

Modified: 2024-11-21T08:06:37.840

Link: CVE-2023-34139

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.