CVE-2023-5650

Name of the Vulnerable Software and Affected Versions ZyXEL USG FLEX series firmware versions 4.50 through 5.37 ZyXEL USG FLEX 50(W) series firmware versions 4.16 through 5.37 ZyXEL USG20(W)-VPN series firmware versions 4.16 through 5.37 ZyXEL VPN series firmware versions 4.30 through 5.37 ZyXEL ATP series firmware versions 4.32 through 5.37

Description The issue is related to improper privilege management in the ZySH of the affected devices, which could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.

Recommendations For ZyXEL USG FLEX series firmware versions 4.50 through 5.37, update to a version outside of this range to resolve the issue. For ZyXEL USG FLEX 50(W) series firmware versions 4.16 through 5.37, update to a version outside of this range to resolve the issue. For ZyXEL USG20(W)-VPN series firmware versions 4.16 through 5.37, update to a version outside of this range to resolve the issue. For ZyXEL VPN series firmware versions 4.30 through 5.37, update to a version outside of this range to resolve the issue. For ZyXEL ATP series firmware versions 4.32 through 5.37, update to a version outside of this range to resolve the issue.