A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
04 May 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps - Vendor Advisory |
24 Apr 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 17:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-22915
Mitre link : CVE-2023-22915
CVE.ORG link : CVE-2023-22915
JSON object : View
Products Affected
zyxel
- usg_flex_200_firmware
- vpn50
- usg_20w-vpn_firmware
- usg_flex_50w_firmware
- usg_flex_200
- vpn300
- vpn100
- vpn1000_firmware
- usg_flex_500_firmware
- usg_flex_50
- vpn100_firmware
- usg_flex_100_firmware
- vpn50_firmware
- usg_flex_50w
- usg_flex_500
- usg_flex_100
- usg_flex_700_firmware
- usg_flex_100w_firmware
- vpn1000
- usg_20w-vpn
- usg_flex_700
- usg_flex_100w
- vpn300_firmware
- usg_flex_50_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')