CVE-2023-27989

EPSS 0.38%
Veröffentlicht 05.06.2023 12:15:09
Zuletzt bearbeitet 21.11.2024 07:53:53
Quelle security@zyxel.com.tw
CVE-Watchlists
Login
Unerledigt
Login

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to  V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zyxel ≫ Lte7480-m804 Firmware Version <= 1.00\(abra.6\)c0

Zyxel ≫ Lte7480-m804 Version-

Zyxel ≫ Lte7490-m904 Firmware Version <= 1.00\(abqy.5\)c0

Zyxel ≫ Lte7490-m904 Version-

Zyxel ≫ Nr7101 Firmware Version <= 1.00\(abuv.7\)c0

Zyxel ≫ Nr7101 Version-

Zyxel ≫ Nebula Nr7101 Firmware Version <= 1.15\(accc.3\)c0

Zyxel ≫ Nebula Nr7101 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.587

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security@zyxel.com.tw	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27989

EUVD