CVE-2023-22918 - OpenCVE

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zyxel	Wax640s-6e Firmware Wac500 Firmware Usg Flex 50 Firmware Wac6502d-e Firmware Wax630s Wax640s-6e Nwa55axe Firmware Nwa110ax Firmware Wac5302d-sv2 Firmware Nap353 Firmware Vpn1000 Wac6552d-s Wax610d Firmware Wac6553d-e Atp200 Nwa1123acv3 Usg Flex 500 Nwa220ax-6e Usg Flex 50 Atp800 Firmware Nap353 Wax650s Firmware Wac6103d-i Atp100w Nwa1123-ac Hd Firmware Vpn50 Wac500h Vpn300 Vpn100 Firmware Usg Flex 100 Firmware Wac6503d-s Atp800 Wac500h Firmware Atp100 Firmware Wac6502d-s Firmware Usg Flex 500 Firmware Nwa1123-ac Hd Vpn50 Firmware Nwa110ax Nwa1123-ac-pro Firmware Nwa90ax Firmware Wax630s Firmware Atp700 Firmware Usg Flex 100w Firmware Wac6303d-s Usg Flex 50w Wac500 Atp500 Firmware Usg 20w-vpn Nwa50ax Firmware Wax655e Vpn300 Firmware Nap203 Firmware Usg20-vpn Firmware Usg Flex 100 Wac6503d-s Firmware Nwa50ax Atp500 Nap303 Firmware Wac6303d-s Firmware Nwa50ax-pro Firmware Nwa55axe Atp100w Firmware Nwa210ax Firmware Usg Flex 200 Firmware Usg Flex 200 Wac6553d-e Firmware Wac6103d-i Firmware Wax510d Wax650s Wax620d-6e Firmware Wac6552d-s Firmware Nwa1123-ac-pro Wax610d Nwa5123-ac Hd Wac6502d-e Atp200 Firmware Usg Flex 50w Firmware Nwa50ax-pro Nap303 Usg Flex 100w Atp100 Usg20-vpn Nwa90ax-pro Nwa90ax-pro Firmware Usg Flex 700 Firmware Usg 20w-vpn Firmware Nwa220ax-6e Firmware Wac6502d-s Atp700 Usg Flex 700 Nap203 Vpn1000 Firmware Vpn100 Nwa5123-ac Hd Firmware Nwa1123acv3 Firmware Wax510d Firmware Wac5302d-sv2 Wax655e Firmware Wax620d-6e Nwa210ax Nwa90ax

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:zyxel:nwa1123-ac_hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123-ac_hd:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:zyxel:nwa5123-ac_hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa5123-ac_hd:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:zyxel:wac6553d-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac6553d-e:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps	Patch Vendor Advisory