7.5
CVE-2023-22915
- EPSS 0.87%
- Veröffentlicht 24.04.2023 17:15:09
- Zuletzt bearbeitet 21.11.2024 07:45:38
- Quelle security@zyxel.com.tw
- Teams Watchlist Login
- Unerledigt Login
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Usg Flex 100 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Usg Flex 100w Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Usg Flex 200 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Usg Flex 50 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Usg Flex 50w Firmware Version >= 4.30 <= 5.35
Zyxel ≫ Usg Flex 500 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Usg Flex 700 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Vpn100 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Vpn1000 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Vpn300 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Vpn50 Firmware Version >= 4.50 <= 5.35
Zyxel ≫ Usg 20w-vpn Firmware Version >= 4.30 <= 5.35
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.73 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security@zyxel.com.tw | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.