PT-2023-8711 · Zyxel · NWA50AX +6

Authors: Atdog +1

Published 2023-11-30 · Updated 2025-01-21 · CVE-2023-6398

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1
ZyXEL USG FLEX 50(W)/USG20(W)-VPN versions 4.16 through 5.37 Patch 1
ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1
ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1
NWA50AX firmware versions through 6.29(ABYW.3)
WAC500 firmware versions through 6.65(ABVS.1)
WAX300H firmware versions through 6.60(ACHF.1)
WBE660S firmware versions through 6.65(ACGG.1)

Description

The issue is a post-authentication command injection vulnerability in the file upload binary. It allows an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device via FTP, because the file upload process does not properly neutralize special elements used in the command.

Recommendations

For ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1, update to a version later than 5.37 Patch 1.
For ZyXEL USG FLEX 50(W)/USG20(W)-VPN versions 4.16 through 5.37 Patch 1, update to a version later than 5.37 Patch 1.
For ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1, update to a version later than 1.10 Patch 1.
For ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1, update to a version later than 5.37 Patch 1.
For NWA50AX firmware versions through 6.29(ABYW.3), update to a version later than 6.29(ABYW.3).
For WAC500 firmware versions through 6.65(ABVS.1), update to a version later than 6.65(ABVS.1).
For WAX300H firmware versions through 6.60(ACHF.1), update to a version later than 6.60(ACHF.1).
For WBE660S firmware versions through 6.65(ACGG.1), update to a version later than 6.65(ACGG.1).
As a temporary workaround, consider restricting access to the FTP service until a patch is available.
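A triage helper for checking an inventory of Zyxel firmware versions against the affected ranges listed above. This is an added example and not part of the advisory; the product keys, the constructed sample versions, and the reading of "Patch N" and the "(XXXX.N)" build suffix as the patch level are assumptions.

```python
import re

# Affected ranges as stated in the advisory: (first affected, last affected).
# A first value of None means every version up to and including "last" is affected.
AFFECTED = {
    "USG FLEX": ("4.50", "5.37 Patch 1"),
    "USG FLEX 50(W)/USG20(W)-VPN": ("4.16", "5.37 Patch 1"),
    "USG FLEX H": ("1.10", "1.10 Patch 1"),
    "ATP": ("4.32", "5.37 Patch 1"),
    "NWA50AX": (None, "6.29(ABYW.3)"),
    "WAC500": (None, "6.65(ABVS.1)"),
    "WAX300H": (None, "6.60(ACHF.1)"),
    "WBE660S": (None, "6.65(ACGG.1)"),
}

# Assumed version syntax: "major.minor" followed either by " Patch N" (USG/ATP)
# or by a "(LETTERS.N)" build suffix (access points). The letters are constant
# per model, so only the trailing number is treated as the patch level.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)"
    r"(?:\s*Patch\s*(\d+)|\s*\([A-Z]+\.(\d+)\))?"
    r"\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Map a Zyxel version string to a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch_a, patch_b = m.groups()
    return (int(major), int(minor), int(patch_a or patch_b or 0))


def is_affected(product, version):
    """True if the version falls inside the advisory's stated range for the product.

    False only means "outside the range this advisory lists", not a fix guarantee.
    """
    first, last = AFFECTED[product]
    v = parse_version(version)
    if first is not None and v < parse_version(first):
        return False
    return v <= parse_version(last)


def triage(inventory):
    """Return the (product, version) pairs from a constructed inventory that need patching."""
    return [(p, ver) for p, ver in inventory if is_affected(p, ver)]
```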

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2024-01654
CVE-2023-6398

Affected Products

NWA50AX
WAC500
WAX300H
WBE660S
Zyxel ATP series
Zyxel USG FLEX
Zyxel USG FLEX 50(W)/USG20(W)-VPN