Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.

CVSS 1 Total

Learn more
ScoreSeverityVersionVector String
5.5MEDIUM3.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

  • affected at versions 4.32 through 5.37 

Versions 1 Total

Default Status: unaffected

affected

  • affected at versions 4.50 through 5.37 

Versions 1 Total

Default Status: unaffected

affected

  • affected at versions 4.16 through 5.37 

Versions 1 Total

Default Status: unaffected

affected

  • affected at versions 4.16 through 5.37 

Versions 1 Total

Default Status: unaffected

affected

  • affected at versions 4.30 through 5.37 

Versions 1 Total

Default Status: unaffected

affected

  • affected at 6.29(ABYW.2) 

Versions 1 Total

Default Status: unaffected

affected

  • affected at 6.65(ABVS.1) 

Versions 1 Total

Default Status: unaffected

affected

  • affected at 6.60(ACHF.1) 

Versions 1 Total

Default Status: unaffected

affected

  • affected at 6.65(ACGG.1) 

Updated:

This container includes required additional information provided by the CVE Program for this vulnerability.