CVE-2023-6398
CVE-2023-6398
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
20 feb 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,
NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Zyxel · ATP series firmwareZyxel · NWA50AX firmwareZyxel · USG20(W)-VPN series firmwareZyxel · USG FLEX 50(W) series firmwareZyxel · USG FLEX H series firmwareZyxel · USG FLEX series firmwareZyxel · WAC500 firmwareZyxel · WAX300H firmwareZyxel · WBE660S firmware¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →