CVE-2023-6399
First published: Tue Feb 20 2024(Updated: )
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel ATP series firmware | >=4.32<=5.37 Patch 1 | |
| Zyxel USG FLEX series firmware | >=4.50<=5.37 Patch 1 | |
| Zyxel USG FLEX 50(W) series firmware | >=4.16<=5.37 Patch 1 | |
| Zyxel USG 20w-VPN Firmware | >=4.16<=5.37 Patch 1 | |
| Zyxel USG FLEX h series firmware | >=1.10<=1.10 Patch 1 | |
| All of | ||
| Any of | ||
| Zyxel ZyWall ATP100 Firmware | >=5.10<5.37 | |
| Zyxel ZyWall ATP100 Firmware | =5.37 | |
| Zyxel ZyWall ATP100 Firmware | =5.37-patch1 | |
| Zyxel ATP100 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP100W Firmware | >=5.10<5.37 | |
| Zyxel ATP100W Firmware | =5.37 | |
| Zyxel ATP100W Firmware | =5.37-patch1 | |
| Zyxel ATP100W Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP200 firmware | >=5.10<5.37 | |
| Zyxel ATP200 firmware | =5.37 | |
| Zyxel ATP200 firmware | =5.37-patch1 | |
| Zyxel Zywall ATP200 | ||
| All of | ||
| Any of | ||
| Zyxel ATP500 Firmware | >=5.10<5.37 | |
| Zyxel ATP500 Firmware | =5.37 | |
| Zyxel ATP500 Firmware | =5.37-patch1 | |
| Zyxel ATP500 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel Zywall ATP700 | >=5.10<5.37 | |
| Zyxel Zywall ATP700 | =5.37 | |
| Zyxel Zywall ATP700 | =5.37-patch1 | |
| Zyxel ATP700 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel Zywall ATP800 Firmware | >=5.10<5.37 | |
| Zyxel Zywall ATP800 Firmware | =5.37 | |
| Zyxel Zywall ATP800 Firmware | =5.37-patch1 | |
| Zyxel Zywall ATP800 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG Flex 100 firmware | >=5.10<5.37 | |
| Zyxel USG Flex 100 firmware | =5.37 | |
| Zyxel USG Flex 100 firmware | =5.37-patch1 | |
| Zyxel USG Flex 100 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 100ax firmware | >=5.10<5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37-patch1 | |
| Zyxel USG FLEX 100ax firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 100ax firmware | >=5.10<5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37-patch1 | |
| Zyxel USG Flex 100HP | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 100w firmware | >=5.10<5.37 | |
| Zyxel USG FLEX 100w firmware | =5.37 | |
| Zyxel USG FLEX 100w firmware | =5.37-patch1 | |
| Zyxel USG FLEX 100w firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX firmware | >=5.10<5.37 | |
| Zyxel USG FLEX firmware | =5.37 | |
| Zyxel USG FLEX firmware | =5.37-patch1 | |
| Zyxel USG FLEX 200 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG Flex 200HP Firmware | >=5.10<5.37 | |
| Zyxel USG Flex 200HP Firmware | =5.37 | |
| Zyxel USG Flex 200HP Firmware | =5.37-patch1 | |
| Zyxel USG FLEX 200h firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG Flex 200HP Firmware | >=5.10<5.37 | |
| Zyxel USG Flex 200HP Firmware | =5.37 | |
| Zyxel USG Flex 200HP Firmware | =5.37-patch1 | |
| Zyxel USG Flex 200HP Firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX firmware | >=5.10<5.37 | |
| Zyxel USG FLEX firmware | =5.37 | |
| Zyxel USG FLEX firmware | =5.37-patch1 | |
| Zyxel USG FLEX 500 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 500h | >=5.10<5.37 | |
| Zyxel USG FLEX 500h | =5.37 | |
| Zyxel USG FLEX 500h | =5.37-patch1 | |
| Zyxel USG FLEX 500h firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX firmware | >=5.10<5.37 | |
| Zyxel USG FLEX firmware | =5.37 | |
| Zyxel USG FLEX firmware | =5.37-patch1 | |
| Zyxel USG FLEX 700 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 700h firmware | >=5.10<5.37 | |
| Zyxel USG FLEX 700h firmware | =5.37 | |
| Zyxel USG FLEX 700h firmware | =5.37-patch1 | |
| Zyxel USG FLEX 700h firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 50(W) series firmware | >=5.10<5.37 | |
| Zyxel USG FLEX 50(W) series firmware | =5.37 | |
| Zyxel USG FLEX 50(W) series firmware | =5.37-patch1 | |
| Zyxel USG FLEX 50w | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 50w | >=5.10<5.37 | |
| Zyxel USG FLEX 50w | =5.37 | |
| Zyxel USG FLEX 50w | =5.37-patch1 | |
| Zyxel USG FLEX 50(W) series firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG20W-VPN Firmware | >=5.10<5.37 | |
| Zyxel USG20W-VPN Firmware | =5.37 | |
| Zyxel USG20W-VPN Firmware | =5.37-patch1 | |
| Zyxel USG20W-VPN Firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG 20W-VPN Firmware | >=5.10<5.37 | |
| Zyxel USG 20W-VPN Firmware | =5.37 | |
| Zyxel USG 20W-VPN Firmware | =5.37-patch1 | |
| Zyxel USG20W-VPN Firmware | ||
| All of | ||
| Any of | ||
| Zyxel UOS | =1.10 | |
| Zyxel UOS | =1.10-patch1 | |
| Any of | ||
| Zyxel USG Flex 100HP | ||
| Zyxel USG Flex 100HP | ||
| Zyxel USG FLEX 200h firmware | ||
| Zyxel USG Flex 200HP Firmware | ||
| Zyxel USG FLEX 500h firmware | ||
| Zyxel USG FLEX 700h firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-6399?
CVE-2023-6399 has a critical severity rating due to its potential impact when exploited.
How do I fix CVE-2023-6399?
To fix CVE-2023-6399, update the affected Zyxel firmware versions to the patched releases.
Which products are affected by CVE-2023-6399?
CVE-2023-6399 affects multiple Zyxel products including the ATP series, USG FLEX series, and USG20(VPN) series firmware versions.
What are the firmware versions impacted by CVE-2023-6399?
The affected firmware versions range from 4.32 to 5.37 Patch 1 for the specified Zyxel devices.
Can CVE-2023-6399 lead to a remote code execution exploit?
Yes, CVE-2023-6399 can be exploited through a format string vulnerability, potentially leading to remote code execution.
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- vendor/zyxel
- canonical/zyxel atp series firmware
- canonical/zyxel usg flex series firmware
- canonical/zyxel usg flex 50(w) series firmware
- canonical/zyxel usg 20w-vpn firmware
- canonical/zyxel usg flex h series firmware
- canonical/zyxel zywall atp100 firmware
- version/zyxel zywall atp100 firmware/5.10
- version/zyxel zywall atp100 firmware/5.37
- version/zyxel zywall atp100 firmware/5.37-patch1
- canonical/zyxel atp100 firmware
- canonical/zyxel atp100w firmware
- version/zyxel atp100w firmware/5.10
- version/zyxel atp100w firmware/5.37
- version/zyxel atp100w firmware/5.37-patch1
- canonical/zyxel atp200 firmware
- version/zyxel atp200 firmware/5.10
- version/zyxel atp200 firmware/5.37
- version/zyxel atp200 firmware/5.37-patch1
- canonical/zyxel zywall atp200
- canonical/zyxel atp500 firmware
- version/zyxel atp500 firmware/5.10
- version/zyxel atp500 firmware/5.37
- version/zyxel atp500 firmware/5.37-patch1
- canonical/zyxel zywall atp700
- version/zyxel zywall atp700/5.10
- version/zyxel zywall atp700/5.37
- version/zyxel zywall atp700/5.37-patch1
- canonical/zyxel atp700 firmware
- canonical/zyxel zywall atp800 firmware
- version/zyxel zywall atp800 firmware/5.10
- version/zyxel zywall atp800 firmware/5.37
- version/zyxel zywall atp800 firmware/5.37-patch1
- canonical/zyxel usg flex 100 firmware
- version/zyxel usg flex 100 firmware/5.10
- version/zyxel usg flex 100 firmware/5.37
- version/zyxel usg flex 100 firmware/5.37-patch1
- canonical/zyxel usg flex 100ax firmware
- version/zyxel usg flex 100ax firmware/5.10
- version/zyxel usg flex 100ax firmware/5.37
- version/zyxel usg flex 100ax firmware/5.37-patch1
- canonical/zyxel usg flex 100hp
- canonical/zyxel usg flex 100w firmware
- version/zyxel usg flex 100w firmware/5.10
- version/zyxel usg flex 100w firmware/5.37
- version/zyxel usg flex 100w firmware/5.37-patch1
- canonical/zyxel usg flex firmware
- version/zyxel usg flex firmware/5.10
- version/zyxel usg flex firmware/5.37
- version/zyxel usg flex firmware/5.37-patch1
- canonical/zyxel usg flex 200 firmware
- canonical/zyxel usg flex 200hp firmware
- version/zyxel usg flex 200hp firmware/5.10
- version/zyxel usg flex 200hp firmware/5.37
- version/zyxel usg flex 200hp firmware/5.37-patch1
- canonical/zyxel usg flex 200h firmware
- canonical/zyxel usg flex 500 firmware
- canonical/zyxel usg flex 500h
- version/zyxel usg flex 500h/5.10
- version/zyxel usg flex 500h/5.37
- version/zyxel usg flex 500h/5.37-patch1
- canonical/zyxel usg flex 500h firmware
- canonical/zyxel usg flex 700 firmware
- canonical/zyxel usg flex 700h firmware
- version/zyxel usg flex 700h firmware/5.10
- version/zyxel usg flex 700h firmware/5.37
- version/zyxel usg flex 700h firmware/5.37-patch1
- version/zyxel usg flex 50(w) series firmware/5.10
- version/zyxel usg flex 50(w) series firmware/5.37
- version/zyxel usg flex 50(w) series firmware/5.37-patch1
- canonical/zyxel usg flex 50w
- version/zyxel usg flex 50w/5.10
- version/zyxel usg flex 50w/5.37
- version/zyxel usg flex 50w/5.37-patch1
- canonical/zyxel usg20w-vpn firmware
- version/zyxel usg20w-vpn firmware/5.10
- version/zyxel usg20w-vpn firmware/5.37
- version/zyxel usg20w-vpn firmware/5.37-patch1
- version/zyxel usg 20w-vpn firmware/5.10
- version/zyxel usg 20w-vpn firmware/5.37
- version/zyxel usg 20w-vpn firmware/5.37-patch1
- canonical/zyxel uos
- version/zyxel uos/1.10
- version/zyxel uos/1.10-patch1