CVE-2023-22915

CVSS 7.5 HIGHEPSS 1.1%CWE-120

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Zyxel · USG20(W)-VPN firmware Zyxel · USG FLEX 50(W) firmware Zyxel · USG FLEX series firmware Zyxel · VPN series firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps