Lucene search

K

[email protected]CVE-2020-25014

HistoryNov 27, 2020 - 6:15 p.m.

CVE-2020-25014

2020-11-2718:15:11

CWE-787

[email protected]

web.nvd.nist.gov

58

security

buffer overflow

zyxel utm

vpn

remote code execution

cve-2020-25014

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.

Affected configurations

NVD

Node

zyxelzywall_110Match-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelzywall_1100Match-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelzywall_310Match-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelusg_110Match-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelusg_1100Match-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelusg_1900Match-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelusg_20wMatch-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelusg_20w-vpnMatch-

AND

zyxelzld_firmwareRange4.30–4.55

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_2200-vpnMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_310Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_40Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_40wMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_60Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_60wMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg110Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg1100Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg1900Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg20-vpnMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg20w-vpnMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg210Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg2200-vpnMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg310Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg40Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg40wMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg60Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg60wMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelvpn100Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelvpn300Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelvpn50Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_flex_100Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_flex_200Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_flex_500Match-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_flex_100wMatch-

Node

zyxelzld_firmwareRange4.30–4.55

AND

zyxelusg_flex_700Match-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa1123-ac_hdMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa1123-ac_proMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa1123-acv2Match-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwax510dMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwac5302d-sMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa5120Match-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa5301-njMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwax610dMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwax650sMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwac6550Match-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwac6303d-sMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwac6500Match-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelwac6100Match-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa210axMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa110axMatch-

Node

zyxelaccess_points_firmwareRange≤6.10

OR

zyxelaccess_points_firmwareMatch6.10-

OR

zyxelaccess_points_firmwareMatch6.10patch1

OR

zyxelaccess_points_firmwareMatch6.10patch2

OR

zyxelaccess_points_firmwareMatch6.10patch3

OR

zyxelaccess_points_firmwareMatch6.10patch4

OR

zyxelaccess_points_firmwareMatch6.10patch5

OR

zyxelaccess_points_firmwareMatch6.10patch6

OR

zyxelaccess_points_firmwareMatch6.10patch7

AND

zyxelnwa1302-acMatch-

CPENameOperatorVersion
zyxel:zld_firmwarezyxel zld firmwarele4.55

References

businessforum.zyxel.com/categories/security-news-and-release

www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

Related for CVE-2020-25014

nvd1 prion1 cvelist1