Strix
26.1K

CVE-2023-6398

HIGHCVSS 7.2/10EPSS 1.33%

Last modified

CVE-2023-6398 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.. EPSS estimates a 1.33% chance of exploitation in the next 30 days.

Description

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.33%

67.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ZyxelAtp100 Firmware>= 4.32, < 5.37
ZyxelAtp100 Firmware5.37
ZyxelAtp100w Firmware>= 4.32, < 5.37
ZyxelAtp100w Firmware5.37
ZyxelAtp200 Firmware>= 4.32, < 5.37
ZyxelAtp200 Firmware5.37
ZyxelAtp500 Firmware>= 4.32, < 5.37
ZyxelAtp500 Firmware5.37
ZyxelAtp700 Firmware>= 4.32, < 5.37
ZyxelAtp700 Firmware5.37
ZyxelAtp800 Firmware>= 4.32, < 5.37
ZyxelAtp800 Firmware5.37
ZyxelUsg Flex 100 Firmware>= 4.50, < 5.37
ZyxelUsg Flex 100 Firmware5.37
ZyxelUsg Flex 100ax Firmware>= 4.50, < 5.37
ZyxelUsg Flex 100ax Firmware5.37
ZyxelUsg Flex 100h Firmware>= 4.50, < 5.37
ZyxelUsg Flex 100h Firmware5.37
ZyxelUsg Flex 100w Firmware>= 4.50, < 5.37
ZyxelUsg Flex 100w Firmware5.37
ZyxelUsg Flex 200 Firmware>= 4.50, < 5.37
ZyxelUsg Flex 200 Firmware5.37
ZyxelUsg Flex 200h Firmware>= 4.50, < 5.37
ZyxelUsg Flex 200h Firmware5.37
ZyxelUsg Flex 200hp Firmware>= 4.50, < 5.37
ZyxelUsg Flex 200hp Firmware5.37
ZyxelUsg Flex 50 Firmware>= 4.16, < 5.37
ZyxelUsg Flex 50 Firmware5.37
ZyxelUsg Flex 500 Firmware>= 4.50, < 5.37
ZyxelUsg Flex 500 Firmware5.37
ZyxelUsg Flex 500h Firmware>= 4.50, < 5.37
ZyxelUsg Flex 500h Firmware5.37
ZyxelUsg Flex 50w Firmware>= 4.16, < 5.37
ZyxelUsg Flex 50w Firmware5.37
ZyxelUsg Flex 700 Firmware>= 4.50, < 5.37
ZyxelUsg Flex 700 Firmware5.37
ZyxelUsg Flex 700h Firmware>= 4.50, < 5.37
ZyxelUsg Flex 700h Firmware5.37
ZyxelUsg20-Vpn Firmware>= 4.16, < 5.37
ZyxelUsg20-Vpn Firmware5.37
ZyxelUsg20w-Vpn Firmware>= 4.16, < 5.37
ZyxelUsg20w-Vpn Firmware5.37
ZyxelUos1.10
ZyxelNwa50ax Firmware< 6.29\(abyw.4\)
ZyxelNwa55axe Firmware< 6.29\(abzl.4\)
ZyxelNwa90ax Firmware< 6.29\(accv.4\)
ZyxelNwa110ax Firmware< 6.70\(abtg.2\)
ZyxelNwa210ax Firmware< 6.70\(abtd.2\)
ZyxelNwa220ax-6e Firmware< 6.70\(acco.1\)
ZyxelNwa1123acv3 Firmware< 6.70\(abvt.1\)

Showing 50 of 63 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2023-6398?
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
How severe is CVE-2023-6398?
CVE-2023-6398 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.33% probability of exploitation in the next 30 days.
How do I fix CVE-2023-6398?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-6398?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST