CVE-2023-6764

Published Feb 20, 2024
Last updated a year ago
CVSS high 8.1
Overview

Description: A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
Source: security@zyxel.com.tw
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
Weaknesses

security@zyxel.com.tw: CWE-134
nvd@nist.gov: CWE-134
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22B1CC86-551C-4CF1-9905-22D983C87B0C",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.32"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "121E2131-A6CB-4714-BD0B-9CDBFF924F10"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E4D7828-078E-4418-9F04-302FC7F8BB25",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.32"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F750721F-73AD-4BDD-A407-72D8DEB30C68"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "069E7437-BF71-4F73-8C0A-44DC9804492B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67DC678C-8CA1-4289-A69B-435FE3374BCD",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.32"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B20F854E-486D-46C0-90C8-81153573FEF1"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE71538C-16FD-43B1-B6CD-EB5988AFB7BF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5C9B7E5-F548-4F9F-8CA7-20B7D41DF0AC",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.32"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E8933B8-F66E-4667-955E-DB5486534C5A"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E1974D6-04C1-4135-812D-6901712940EE",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.32"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E3E890B-8BDE-4C22-BFF7-B87495C71C48"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3037AE20-8F8B-4656-9534-6436A8AEA8C9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21C4C98F-B383-4F2F-B84E-3C6DDD8437DB",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.32"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67FA1CEC-DED7-46D4-A4FC-780431B3EE2B"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFD1CE91-B72C-4589-9A5F-F1164C0193AB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF266069-4FA5-4343-B62C-0940A0C61566"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99E0ECA5-7FE6-4E56-A741-E3260C99A43A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CF216E5-870B-4C6E-9CFA-A5FB6F476CB0",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "395E8D72-E9F6-4923-B4DE-875D195B27F7"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C220BBFF-29A6-483B-9806-6A966625EFEE",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45EEA203-C4E3-4916-A9E5-15AB994B53FA"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21576D3-6A3F-451C-9B62-E0B0418D5529"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC61CF4F-74D5-4C96-8D8A-779436CF344D"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25EB6607-7241-4D01-BC87-3C3E62B27B6B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31206A47-4A01-4FB7-A0AA-E9D22C63941D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69B29C9B-DB92-4DBD-9F83-1C9FABAC81B4",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBDE985D-B016-4303-8EE6-904C79F8FE82"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCC129C3-AD72-44AE-B89D-5BF40559B9F4",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D764B87E-8B23-4C33-93BB-59B23CFEADBC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B221F5CD-C0C6-4917-AC15-FF1BA3904915",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CDA1267-E136-4932-9627-B4D12DB17E27"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8ACA5C0-F9AC-4986-95CF-74A92DEAF45E",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D168F82-50CE-4E25-B1D9-B50F69463F5A"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1FEDD30-0B80-4F07-8475-156B9FE46883"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3953AFFC-18E6-46AA-BC99-EA65726E4D9E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D051AE62-28E7-4626-B5CB-F4B244260A0E",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.50"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5A45A9D-D9C7-495D-BD83-EE088746FD36"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "606D09B9-0376-4277-9964-F0580D65C3E0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50C93BA9-E4F3-48F3-8D58-92409905AC03",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.16"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5476C178-E553-44FC-854B-5851F0F28469"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2D65155-CDF2-4A99-94CA-D4B61B26D32C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A2842FD-23CC-4E12-AF08-979035695E5F",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.16"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC8C2C47-FE8E-4496-9648-0B264A9A2EA0"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEB68246-FD4B-4FB6-9140-63725EA24660"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E10984B-2ACA-4B15-AF74-F6E7D467DA8B",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.16"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0BFA01B-1328-4F96-AE56-D39416A54F0C"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB0C1EC-512C-4A00-84C6-4F93FDD7739F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE25FC75-B93D-4010-A255-2AF732D47674",
            "versionEndExcluding": "5.37",
            "versionStartIncluding": "4.16"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0"
          },
          {
            "criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
