PT-2023-7252 · Zyxel · Zyxel USG FLEX +1

Alessandro Sgreccia · Published 2023-11-06 · Updated 2023-12-01 · CVE-2023-5960

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zyxel USG FLEX series firmware versions 4.50 through 5.37
Zyxel VPN series firmware versions 4.30 through 5.37

Description

The issue is related to improper privilege management in the hotspot feature of the affected devices. This could allow an authenticated local attacker to access system files on an affected device, potentially leading to unauthorized access to protected information.

Recommendations

For Zyxel USG FLEX series firmware versions 4.50 through 5.37, update to a version outside of this range to resolve the issue. For Zyxel VPN series firmware versions 4.30 through 5.37, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the hotspot feature until a patch is available.

Fix

Weakness Enumeration

Improper Privilege Management

Related identifiers

BDU:2023-08280
CVE-2023-5960

Affected products

Zyxel USG FLEX
Zyxel VPN