CVE-2023-22913 — HIGH (8.1)

Q: How severe is CVE-2023-22913?

CVE-2023-22913 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-22913?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 100W, Zyxel Usg Flex 200 Firmware.

Vulnerability Description

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Usg Flex 100 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 100	-
Zyxel	Usg Flex 100W Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 100W	-
Zyxel	Usg Flex 200 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 200	-
Zyxel	Usg Flex 50 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 50	-
Zyxel	Usg Flex 50W Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 50W	-
Zyxel	Usg Flex 500 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 500	-
Zyxel	Usg Flex 700 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 700	-
Zyxel	Vpn100 Firmware	>= 4.50, <= 5.35
Zyxel	Vpn100	-
Zyxel	Vpn1000 Firmware	>= 4.50, <= 5.35
Zyxel	Vpn1000	-
Zyxel	Vpn300 Firmware	>= 4.50, <= 5.35
Zyxel	Vpn300	-

Related Weaknesses (CWE)

CWE-77

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2023-22913?

CVE-2023-22913 is a vulnerability with a CVSS score of 8.1 (HIGH). A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 thro...

How severe is CVE-2023-22913?

CVE-2023-22913 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22913?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 100W, Zyxel Usg Flex 200 Firmware.