Lucene search

ZyxelCVELIST:CVE-2023-28768

HistoryAug 14, 2023 - 4:10 p.m.

CVE-2023-28768

2023-08-1416:10:27

CWE-755

Zyxel

www.cve.org

zyxel

xgs2220-30

xmg1930-30

xs1930-10

denial-of-service

lan-based attacker

crafted frames

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.7%

JSON

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XGS2220-30 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V4.80(ABXN.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "XMG1930-30 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V4.80(ACAR.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "XS1930-10 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V4.80(ABQE.1)"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2023-28768