Lucene search

[email protected]CVE-2023-28768

HistoryAug 14, 2023 - 5:15 p.m.

CVE-2023-28768

2023-08-1417:15:10

CWE-755

[email protected]

web.nvd.nist.gov

cve-2023-28768

zyxel

xgs2220-30

xmg1930-30

xs1930-10

firmware

dos

lan-based

nvd

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

JSON

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

CPE configuration

NVD

zyxelxgs2220-30Match-

AND

zyxelxgs2220-30_firmwareMatch4.80\(abxn.1\)

CPENameOperatorVersion
zyxel:xgs2220-30_firmwarezyxel xgs2220-30 firmwareeq4.80\(abxn.1\)
zyxel:xgs2220-30f_firmwarezyxel xgs2220-30f firmwareeq4.80\(abye.1\)
zyxel:xgs2220-30hp_firmwarezyxel xgs2220-30hp firmwareeq4.80\(abxo.1\)
zyxel:xgs2220-54_firmwarezyxel xgs2220-54 firmwareeq4.80\(abxp.1\)
zyxel:xgs2220-54fp_firmwarezyxel xgs2220-54fp firmwareeq4.80\(acce.1\)
zyxel:xgs2220-54hp_firmwarezyxel xgs2220-54hp firmwareeq4.80\(abxq.1\)
zyxel:xmg1930-30_firmwarezyxel xmg1930-30 firmwareeq4.80\(acar.1\)
zyxel:xmg1930-30hp_firmwarezyxel xmg1930-30hp firmwareeq4.80\(acas.1\)
zyxel:xs1930-10_firmwarezyxel xs1930-10 firmwareeq4.80\(abqe.1\)
zyxel:xs1930-12f_firmwarezyxel xs1930-12f firmwareeq4.80\(abzv.1\)

CPE	Name	Operator	Version
zyxel:xgs2220-30_firmware	zyxel xgs2220-30 firmware	eq	4.80\(abxn.1\)
zyxel:xgs2220-30f_firmware	zyxel xgs2220-30f firmware	eq	4.80\(abye.1\)
zyxel:xgs2220-30hp_firmware	zyxel xgs2220-30hp firmware	eq	4.80\(abxo.1\)
zyxel:xgs2220-54_firmware	zyxel xgs2220-54 firmware	eq	4.80\(abxp.1\)
zyxel:xgs2220-54fp_firmware	zyxel xgs2220-54fp firmware	eq	4.80\(acce.1\)
zyxel:xgs2220-54hp_firmware	zyxel xgs2220-54hp firmware	eq	4.80\(abxq.1\)
zyxel:xmg1930-30_firmware	zyxel xmg1930-30 firmware	eq	4.80\(acar.1\)
zyxel:xmg1930-30hp_firmware	zyxel xmg1930-30hp firmware	eq	4.80\(acas.1\)
zyxel:xs1930-10_firmware	zyxel xs1930-10 firmware	eq	4.80\(abqe.1\)
zyxel:xs1930-12f_firmware	zyxel xs1930-12f firmware	eq	4.80\(abzv.1\)

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XGS2220-30 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V4.80(ABXN.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "XMG1930-30 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V4.80(ACAR.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "XS1930-10 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V4.80(ABQE.1)"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

JSON

Related for CVE-2023-28768

prion1 cvelist1 nvd1