CVE-2023-34138

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Jul 17, 2023
Updated: Jul 26, 2023
CWE ID 78

Summary

CVE-2023-34138 is a command injection vulnerability that affects the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2. This vulnerability could allow an unauthenticated attacker on the LAN to execute OS commands on an affected device if they can trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. The risk score for this vulnerability is rated at 26 out of a possible maximum of 100, indicating a high level of risk to organizations if exploited. To remediate this vulnerability, it is recommended to update the affected Zyxel products to a patched firmware version as soon as possible.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-34138 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options