{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37925", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2023-07-11T01:52:33.655Z", "datePublished": "2023-11-28T01:30:55.186Z", "dateUpdated": "2024-08-02T17:23:27.715Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ATP series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.32 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "USG FLEX series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.50 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "USG FLEX 50(W) series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.16 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "USG20(W)-VPN series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.16 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "VPN series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.30 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "NWA50AX firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "6.29(ABYW.2)"}]}, {"defaultStatus": "unaffected", "product": "WAC500 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "6.65(ABVS.1)"}]}, {"defaultStatus": "unaffected", "product": "WAX300H firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "6.60(ACHF.1)"}]}, {"defaultStatus": "unaffected", "product": "WBE660S firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "6.65(ACGG.1)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device."}], "value": "An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-11-28T01:30:55.186Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.715Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18", "versionEndIncluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0", "versionEndIncluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD", "versionEndIncluding": "5.37", "versionStartIncluding": "4.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625", "versionEndIncluding": "5.37", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF", "versionEndExcluding": "6.70\\(abtg.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC", "versionEndExcluding": "6.70\\(abvt.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427", "versionEndExcluding": "6.70\\(abtd.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B", "versionEndExcluding": "6.70\\(acco.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B", "versionEndExcluding": "6.80\\(abyw.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9", "versionEndExcluding": "6.80\\(acge.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7", "versionEndExcluding": "6.80\\(abzl.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7", "versionEndExcluding": "6.80\\(accv.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477", "versionEndExcluding": "6.80\\(acgf.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1", "versionEndExcluding": "6.70\\(abvs.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335", "versionEndExcluding": "6.70\\(abwa.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82", "versionEndExcluding": "6.70\\(abtf.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64", "versionEndExcluding": "6.70\\(abte.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7", "versionEndExcluding": "6.70\\(accn.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814", "versionEndExcluding": "6.70\\(abzd.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2", "versionEndExcluding": "6.70\\(accm.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22", "versionEndExcluding": "6.70\\(abrm.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4", "versionEndExcluding": "6.70\\(acdo.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932", "versionEndExcluding": "6.70\\(acgg.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en el comando CLI de depuraci\u00f3n de las versiones de firmware: \nserie Zyxel ATP 4.32 a 5.37, \nserie USG FLEX 4.50 a 5.37, \nserie USG FLEX 50(W) 4.16 a 5.37, \nserie USG20(W)-VPN 4.16 a 5.37, \nserie VPN 4.30 a 5.37,\nNWA50AX 6.29 (ABYW.2), \nWAC500 6.65 (ABVS.1), \nWAX300H 6.60 (ACHF.1) y\nWBE660S 6.65 ( ACGG.1).\nPodr\u00eda permitir que un atacante local autenticado acceda a los archivos del sistema en un dispositivo afectado."}], "id": "CVE-2023-37925", "lastModified": "2024-11-21T08:12:29.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2023-11-28T02:15:42.547", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}

{}

{}