CVE-2023-22915
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zyxel | USG FLEX series firmware | 4.50 through 5.35 | affected |
| Zyxel | USG FLEX 50(W) firmware | 4.30 through 5.35 | affected |
| Zyxel | USG20(W)-VPN firmware | 4.30 through 5.35 | affected |
| Zyxel | VPN series firmware | 4.30 through 5.35 | affected |
Weaknesses
- CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.