{"cve":{"cve_id":"CVE-2023-6398","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01333,"epss_percentile":0.67447,"epss_as_of":"2026-06-23","description":"A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, \n\nUSG FLEX H series firmware versions from 1.10 through 1.10 Patch 1,\n\nNWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.","published_at":"2024-02-20T01:34:32.229000Z","last_modified_at":null,"cvss_v3_score":7.2,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-78"],"nvd_references":["https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:44:39.184534Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"atp-series-firmware","product_name":"ATP series firmware","version_start":"version 4.32 through 5.37 Patch 1","version_start_inclusive":true,"version_end":"version 4.32 through 5.37 Patch 1","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:atp-series-firmware:version 4.32 through 5.37 Patch 1:version 4.32 through 5.37 Patch 1"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"nwa50ax-firmware","product_name":"NWA50AX firmware","version_start":"< 6.29(ABYW.4)","version_start_inclusive":true,"version_end":"< 6.29(ABYW.4)","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:nwa50ax-firmware:< 6.29(ABYW.4):< 6.29(ABYW.4)"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"usg20-w-vpn-series-firmware","product_name":"USG20(W)-VPN series firmware","version_start":"version 4.16 through 5.37 Patch 1","version_start_inclusive":true,"version_end":"version 4.16 through 5.37 Patch 1","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:usg20-w-vpn-series-firmware:version 4.16 through 5.37 Patch 1:version 4.16 through 5.37 Patch 1"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"usg-flex-50-w-series-firmware","product_name":"USG FLEX 50(W) series firmware","version_start":" version 4.16 through 5.37 Patch 1","version_start_inclusive":true,"version_end":" version 4.16 through 5.37 Patch 1","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:usg-flex-50-w-series-firmware: version 4.16 through 5.37 Patch 1: version 4.16 through 5.37 Patch 1"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"usg-flex-h-series-firmware","product_name":"USG FLEX H series firmware","version_start":"version 1.10 through 1.10 Patch 1","version_start_inclusive":true,"version_end":"version 1.10 through 1.10 Patch 1","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:usg-flex-h-series-firmware:version 1.10 through 1.10 Patch 1:version 1.10 through 1.10 Patch 1"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"usg-flex-series-firmware","product_name":"USG FLEX series firmware","version_start":"version 4.50 through 5.37 Patch 1","version_start_inclusive":true,"version_end":"version 4.50 through 5.37 Patch 1","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:usg-flex-series-firmware:version 4.50 through 5.37 Patch 1:version 4.50 through 5.37 Patch 1"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"wac500-firmware","product_name":"WAC500 firmware","version_start":"< 6.70(ABVS.1)","version_start_inclusive":true,"version_end":"< 6.70(ABVS.1)","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:wac500-firmware:< 6.70(ABVS.1):< 6.70(ABVS.1)"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"wax300h-firmware","product_name":"WAX300H firmware","version_start":"< 6.70(ACHF.1)","version_start_inclusive":true,"version_end":"< 6.70(ACHF.1)","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:wax300h-firmware:< 6.70(ACHF.1):< 6.70(ACHF.1)"},{"vendor_slug":"zyxel","vendor_name":"Zyxel","product_slug":"wbe660s-firmware","product_name":"WBE660S firmware","version_start":"< 6.70(ACGG.1)","version_start_inclusive":true,"version_end":"< 6.70(ACGG.1)","version_end_inclusive":true,"cpe23_uri":"cve5:zyxel:wbe660s-firmware:< 6.70(ACGG.1):< 6.70(ACGG.1)"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-02-20T01:34:32.229000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:31:58.415164Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:31:58.415164Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:31:58.415164Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:44:39.184534Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:44:39.184534Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:44:39.184534Z","label":"SSVC decision revised","source":"vulnrichment"}]}