CVE-2023-4397
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zyxel | ATP series firmware | 5.37 | affected |
| Zyxel | USG FLEX series firmware | 5.37 | affected |
| Zyxel | USG FLEX 50(W) series firmware | 5.37 | affected |
| Zyxel | USG20(W)-VPN series firmware | 5.37 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.