Vulnerability Description
An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Zld | >= 4.32, <= 5.37 |
| Zyxel | Atp100 | - |
| Zyxel | Atp100W | - |
| Zyxel | Atp200 | - |
| Zyxel | Atp500 | - |
| Zyxel | Atp700 | - |
| Zyxel | Atp800 | - |
| Zyxel | Usg Flex 100 | - |
| Zyxel | Usg Flex 100W | - |
| Zyxel | Usg Flex 200 | - |
| Zyxel | Usg Flex 50 | - |
| Zyxel | Usg Flex 500 | - |
| Zyxel | Usg Flex 50W | - |
| Zyxel | Usg Flex 700 | - |
| Zyxel | Usg 20W-Vpn | - |
| Zyxel | Vpn50W | - |
| Zyxel | Vpn100 | - |
| Zyxel | Vpn1000 | - |
| Zyxel | Vpn300 | - |
| Zyxel | Vpn50 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2023-35136?
CVE-2023-35136 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) seri...
How severe is CVE-2023-35136?
CVE-2023-35136 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35136?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Zld, Zyxel Atp100, Zyxel Atp100W, Zyxel Atp200, Zyxel Atp500.