CVE-2023-22922

EPSS 0.53%
Veröffentlicht 01.05.2023 17:15:09
Zuletzt bearbeitet 21.11.2024 07:45:39
Quelle security@zyxel.com.tw
Teams Watchlist Login
Unerledigt Login

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zyxel ≫ Nbg-418n Firmware Version <= 1.00\(aarp.13\)c0

Zyxel ≫ Nbg-418n Versionv2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.644

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@zyxel.com.tw	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nbg-418n-v2-home-router

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22922

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22922

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22922

EUVD