CVE-2023-22916

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions 5.10 through 5.35 Zyxel USG FLEX series versions 5.00 through 5.35 Zyxel USG FLEX 50(W) versions 5.10 through 5.35 Zyxel USG20(W)-VPN versions 5.10 through 5.35 Zyxel VPN series versions 5.00 through 5.35

Description The issue is related to insufficient input validation in the configuration parser of the affected Zyxel devices. This could allow a remote unauthenticated attacker to modify device configuration data, potentially leading to denial of service conditions if an authorized administrator is tricked into switching the management mode to cloud mode.

Recommendations For Zyxel ATP series versions 5.10 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel USG FLEX series versions 5.00 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel USG FLEX 50(W) versions 5.10 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel USG20(W)-VPN versions 5.10 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel VPN series versions 5.00 through 5.35, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the configuration parser to minimize the risk of exploitation.