PT-2023-7463 · Zyxel · Zyxel ATP Series
Nikita Abramov · Published 2023-01-10 · Updated 2023-06-12
CVE-2023-22918
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zyxel ATP series versions 4.32 through 5.35
Zyxel USG FLEX series versions 4.50 through 5.35
Zyxel USG FLEX 50(W) versions 4.16 through 5.35
Zyxel USG20(W)-VPN versions 4.16 through 5.35
Zyxel VPN series versions 4.30 through 5.35
Zyxel NWA110AX versions 6.50(ABTG.2) and earlier
Zyxel WAC500 versions 6.50(ABVS.0) and earlier
Zyxel WAX510D versions 6.50(ABTF.2) and earlier
Description
A post-authentication information exposure vulnerability in the CGI program of the affected Zyxel devices could allow a remote authenticated attacker to retrieve the administrator's encrypted information from an affected device. The vulnerability is associated with inadequate access restrictions on personal information.
Recommendations
For Zyxel ATP series versions 4.32 through 5.35, update to a version outside of this range to resolve the issue.
For Zyxel USG FLEX series versions 4.50 through 5.35, update to a version outside of this range to resolve the issue.
For Zyxel USG FLEX 50(W) versions 4.16 through 5.35, update to a version outside of this range to resolve the issue.
For Zyxel USG20(W)-VPN versions 4.16 through 5.35, update to a version outside of this range to resolve the issue.
For Zyxel VPN series versions 4.30 through 5.35, update to a version outside of this range to resolve the issue.
For Zyxel NWA110AX versions 6.50(ABTG.2) and earlier, update to a version later than 6.50(ABTG.2) to resolve the issue.
For Zyxel WAC500 versions 6.50(ABVS.0) and earlier, update to a version later than 6.50(ABVS.0) to resolve the issue.
For Zyxel WAX510D versions 6.50(ABTF.2) and earlier, update to a version later than 6.50(ABTF.2) to resolve the issue.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Zyxel ATP Series
Zyxel NWA110AX
Zyxel USG FLEX 50
Zyxel USG FLEX Series
Zyxel USG20(W)-VPN
Zyxel VPN Series
Zyxel WAC500
Zyxel WAX510D