CVE-2023-4397

Summary

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Affected Software

VendorProductVersion RangeStatus
ZyxelATP series firmware5.37affected
ZyxelUSG FLEX series firmware5.37affected
ZyxelUSG FLEX 50(W) series firmware5.37affected
ZyxelUSG20(W)-VPN series firmware5.37affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

References