← Back to CVE List

CVE-2023-28767

Published: 2023-07-17T17:15Z
Last Modified: 2024-11-21T07:55Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt