PT-2023-7252 · Zyxel · Zyxel Usg Flex, Zyxel Vpn
Alessandro Sgreccia · Published 2023-11-06 · Updated 2023-12-01
CVE-2023-5960
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zyxel USG FLEX series firmware versions 4.50 through 5.37
Zyxel VPN series firmware versions 4.30 through 5.37
Description
The issue is related to improper privilege management in the hotspot feature of the affected devices. This could allow an authenticated local attacker to access system files on an affected device, potentially leading to unauthorized access to protected information.
Recommendations
For Zyxel USG FLEX series firmware versions 4.50 through 5.37, update to a version outside of this range to resolve the issue.
For Zyxel VPN series firmware versions 4.30 through 5.37, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the hotspot feature until a patch is available.
Fix
Improper Privilege Management
Affected Products
Zyxel Usg Flex
Zyxel Vpn