Lucene search

[email protected]CVE-2023-22915

HistoryApr 24, 2023 - 5:15 p.m.

CVE-2023-22915

2023-04-2417:15:09

CWE-120

[email protected]

web.nvd.nist.gov

cve

buffer overflow

zyxel usg flex

firmware

dos

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.8%

JSON

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

Affected configurations

NVD

Node

zyxelusg_flex_100_firmwareRange4.50–5.35

AND

zyxelusg_flex_100Match-

Node

zyxelusg_flex_100w_firmwareRange4.50–5.35

AND

zyxelusg_flex_100wMatch-

Node

zyxelusg_flex_200_firmwareRange4.50–5.35

AND

zyxelusg_flex_200Match-

Node

zyxelusg_flex_50_firmwareRange4.50–5.35

AND

zyxelusg_flex_50Match-

Node

zyxelusg_flex_50w_firmwareRange4.30–5.35

AND

zyxelusg_flex_50wMatch-

Node

zyxelusg_flex_500_firmwareRange4.50–5.35

AND

zyxelusg_flex_500Match-

Node

zyxelusg_flex_700_firmwareRange4.50–5.35

AND

zyxelusg_flex_700Match-

Node

zyxelvpn100_firmwareRange4.50–5.35

AND

zyxelvpn100Match-

Node

zyxelvpn1000_firmwareRange4.50–5.35

AND

zyxelvpn1000Match-

Node

zyxelvpn300_firmwareRange4.50–5.35

AND

zyxelvpn300Match-

Node

zyxelvpn50_firmwareRange4.50–5.35

AND

zyxelvpn50Match-

Node

zyxelusg_20w-vpn_firmwareRange4.30–5.35

AND

zyxelusg_20w-vpnMatch-

CPENameOperatorVersion
zyxel:usg_flex_100_firmwarezyxel usg flex 100 firmwarele5.35

CPE	Name	Operator	Version
zyxel:usg_flex_100_firmware	zyxel usg flex 100 firmware	le	5.35

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "USG FLEX series firmware",
    "versions": [
      {
        "version": "4.50 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG FLEX 50(W) firmware",
    "versions": [
      {
        "version": "4.30 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG20(W)-VPN firmware",
    "versions": [
      {
        "version": "4.30 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "VPN series firmware",
    "versions": [
      {
        "version": "4.30 through 5.35",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.8%

JSON

Related for CVE-2023-22915

prion1 nvd1 cvelist1