CVE-2023-22914: Path Traversal
First published: Mon Apr 24 2023(Updated: )
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel USG Flex 100 firmware | >=4.50<=5.35 | |
| Zyxel USG FLEX 100 | ||
| Zyxel USG FLEX 100w firmware | >=4.50<=5.35 | |
| Zyxel USG FLEX 100w firmware | ||
| Zyxel USG FLEX firmware | >=4.50<=5.35 | |
| Zyxel USG FLEX 200 firmware | ||
| Zyxel USG FLEX 50(W) series firmware | >=4.50<=5.35 | |
| Zyxel USG FLEX 50 | ||
| Zyxel USG FLEX 50w | >=4.50<=5.35 | |
| Zyxel USG FLEX 50(W) series firmware | ||
| Zyxel USG FLEX firmware | >=4.50<=5.35 | |
| Zyxel USG FLEX 500 firmware | ||
| Zyxel USG FLEX firmware | >=4.50<=5.35 | |
| Zyxel USG FLEX 700 firmware | ||
| Zyxel VPN100 | >=4.50<=5.35 | |
| Zyxel VPN100 Firmware | ||
| Zyxel VPN1000 Firmware | >=4.50<=5.35 | |
| Zyxel VPN1000 Firmware | ||
| Zyxel Zywall VPN 300 Firmware | >=4.50<=5.35 | |
| Zyxel Zywall VPN300 | ||
| Zyxel Zywall VPN 50 Firmware | >=4.50<=5.35 | |
| Zyxel VPN50 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the Zyxel USG FLEX series firmware?
The vulnerability ID of the Zyxel USG FLEX series firmware is CVE-2023-22914.
What is the severity of CVE-2023-22914?
The severity of CVE-2023-22914 is high with a CVSS score of 7.2.
Which Zyxel USG FLEX series firmware versions are affected by CVE-2023-22914?
Zyxel USG FLEX series firmware versions 4.50 through 5.35 are affected by CVE-2023-22914.
How can a remote attacker exploit CVE-2023-22914?
A remote authenticated attacker with administrator privileges can exploit CVE-2023-22914 to execute unauthorized OS commands.
What is the recommended action for fixing CVE-2023-22914?
Update the affected Zyxel USG FLEX series firmware versions to a patched version provided by Zyxel.
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/source
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zyxel
- canonical/zyxel usg flex 100 firmware
- version/zyxel usg flex 100 firmware/4.50
- version/zyxel usg flex 100 firmware/5.35
- canonical/zyxel usg flex 100
- canonical/zyxel usg flex 100w firmware
- version/zyxel usg flex 100w firmware/4.50
- version/zyxel usg flex 100w firmware/5.35
- canonical/zyxel usg flex firmware
- version/zyxel usg flex firmware/4.50
- version/zyxel usg flex firmware/5.35
- canonical/zyxel usg flex 200 firmware
- canonical/zyxel usg flex 50(w) series firmware
- version/zyxel usg flex 50(w) series firmware/4.50
- version/zyxel usg flex 50(w) series firmware/5.35
- canonical/zyxel usg flex 50
- canonical/zyxel usg flex 50w
- version/zyxel usg flex 50w/4.50
- version/zyxel usg flex 50w/5.35
- canonical/zyxel usg flex 500 firmware
- canonical/zyxel usg flex 700 firmware
- canonical/zyxel vpn100
- version/zyxel vpn100/4.50
- version/zyxel vpn100/5.35
- canonical/zyxel vpn100 firmware
- canonical/zyxel vpn1000 firmware
- version/zyxel vpn1000 firmware/4.50
- version/zyxel vpn1000 firmware/5.35
- canonical/zyxel zywall vpn 300 firmware
- version/zyxel zywall vpn 300 firmware/4.50
- version/zyxel zywall vpn 300 firmware/5.35
- canonical/zyxel zywall vpn300
- canonical/zyxel zywall vpn 50 firmware
- version/zyxel zywall vpn 50 firmware/4.50
- version/zyxel zywall vpn 50 firmware/5.35
- canonical/zyxel vpn50 firmware