CVE-2023-5650: 
NixOS vulnerability analysis and mitigation

CVE-2023-5650 is an improper privilege management vulnerability affecting the ZySH component in multiple Zyxel firewall series. The vulnerability was disclosed in November 2023 and affects multiple firmware versions including ATP series (versions 4.32 through 5.37), USG FLEX series (versions 4.50 through 5.37), USG FLEX 50(W) series (versions 4.16 through 5.37), USG20(W)-VPN series (versions 4.16 through 5.37), and VPN series (versions 4.30 through 5.37) (Zyxel Advisory).

The vulnerability is classified as an improper privilege management issue (CWE-269) that could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability allows an authenticated local attacker to modify the URL of the registration page in the web GUI of affected Zyxel devices, potentially leading to unauthorized changes in the system configuration (Zyxel Advisory).

Zyxel has released patches to address this vulnerability. The fix is available in ZLD V5.37 Patch 1 for all affected firewall series. Users are advised to update their firmware to the latest patched version to protect against this vulnerability (Zyxel Advisory).