Vulnerability Description
An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Zld | >= 4.50, <= 5.37 |
| Zyxel | Usg Flex 100 | - |
| Zyxel | Usg Flex 100W | - |
| Zyxel | Usg Flex 200 | - |
| Zyxel | Usg Flex 50 | - |
| Zyxel | Usg Flex 500 | - |
| Zyxel | Usg Flex 50W | - |
| Zyxel | Usg Flex 700 | - |
| Zyxel | Vpn100 | - |
| Zyxel | Vpn1000 | - |
| Zyxel | Vpn300 | - |
| Zyxel | Vpn50 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2023-5960?
CVE-2023-5960 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an...
How severe is CVE-2023-5960?
CVE-2023-5960 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5960?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Zld, Zyxel Usg Flex 100, Zyxel Usg Flex 100W, Zyxel Usg Flex 200, Zyxel Usg Flex 50.