Information Exposure Vulnerability in Zyxel ATP and USG FLEX Series Firmware
CVE-2023-22918

6.5MEDIUM

Key Information:

Vendor

Zyxel
Status
Atp Series Firmware
Usg Flex Series Firmware
Usg Flex 50(w) Firmware
Usg20(w)-vpn Firmware
Vendor
CVE Published:
24 April 2023

What is CVE-2023-22918?

An information exposure vulnerability exists in the CGI program of Zyxel's ATP and USG FLEX series firmware, affecting several versions. This flaw enables remote authenticated attackers to potentially access sensitive, encrypted administrative information from affected devices. The vulnerability affects multiple products including several versions of the Zyxel ATP, USG FLEX, and VPN series firmware, as well as selected access points, putting administrative data at risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ATP series firmware 4.32 through 5.35

NWA110AX firmware <= 6.50(ABTG.2)

USG FLEX 50(W) firmware 4.16 through 5.35

References

https://www.zyxel.com/global/en/support/security-advisori...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.