{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-22914","assignerOrgId":"96e50032-ad0d-4058-a115-4d2c13821f9f","assignerShortName":"Zyxel","dateUpdated":"2025-02-12T16:22:16.191Z","dateReserved":"2023-01-10T00:00:00.000Z","datePublished":"2023-04-24T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"96e50032-ad0d-4058-a115-4d2c13821f9f","shortName":"Zyxel","dateUpdated":"2023-04-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled."}],"affected":[{"vendor":"Zyxel","product":"USG FLEX series firmware","versions":[{"version":"4.50 through 5.35","status":"affected"}]},{"vendor":"Zyxel","product":"VPN series firmware","versions":[{"version":"4.30 through 5.35","status":"affected"}]}],"references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweId":"CWE-22"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:20:31.461Z"},"title":"CVE Program Container","references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-04T16:38:00.556855Z","id":"CVE-2023-22914","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T16:22:16.191Z"}}]}}