PT-2023-02: Auth Path Traversal and Command Injection in account_print.cgi in Zyxel products

HIGH

(7.5) CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free

Request pilot

PT-2023-02: Auth Path Traversal and Command Injection in account_print.cgi in Zyxel products

Vendor: Zyxel

Vulnerable product: USG FLEX, VPN

Vulnerable version: USG FLEX - ZLD V4.50~V5.35; VPN - ZLD V4.30~V5.35

Vulnerability type:

• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Identifier (ID):

• CVE-2023-22914

Vulnerability vector:

• Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

• Severity (CVSSv3.1): 7.2(high)

• Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

• Severity (CVSSv4.0): 7.5(high)

Description:

An issue was identified in Zyxel products affecting: USG FLEX ZLD (V4.50-V5.35) и VPN (ZLD V4.30-V5.35).
Discovered vulnerability in account_print.cgi can be exploited by an authenticated attacker with administrator privileges to execute unauthorized OS commands in the tmp directory if hotspot function is enabled.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 25.04.2023

Recommendations:

• Update to version ZLD V5.36 or higher

Additional information:

• Security advisory

Researcher: Nikita Abramov (Positive Technologies)

Identifier:

CVE-2023-22914

Vendor:

Zyxel

Vulnerable product:

USG FLEX, VPN

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.