First published: Mon Jul 17 2023(Updated: )
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
Credit: security@zyxel.com.tw security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel Usg 20w-vpn Firmware | >=4.16<5.37 | |
Zyxel Usg 20w-vpn | ||
Zyxel Usg 2200-vpn Firmware | >=4.30<5.37 | |
Zyxel Usg 2200-vpn | ||
Zyxel Usg Flex 100 Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 100 | ||
Zyxel Usg Flex 100w Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 100w | ||
Zyxel Usg Flex 200 Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 200 | ||
Zyxel Usg Flex 50 Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 50 | ||
Zyxel Usg Flex 500 Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 500 | ||
Zyxel Usg Flex 50w Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 50w | ||
Zyxel Usg Flex 700 Firmware | >=4.50<5.37 | |
Zyxel Usg Flex 700 | ||
Zyxel Zywall Atp100 Firmware | >=4.32<5.37 | |
Zyxel Zywall Atp100 | ||
Zyxel Zywall Atp100w Firmware | >=4.32<5.37 | |
Zyxel Zywall Atp100w | ||
Zyxel Zywall Atp200 Firmware | >=4.32<5.37 | |
Zyxel Zywall Atp200 | ||
Zyxel Zywall Atp500 Firmware | >=4.32<5.37 | |
Zyxel Zywall Atp500 | ||
Zyxel Zywall Atp700 Firmware | >=4.32<5.37 | |
Zyxel Zywall Atp700 | ||
Zyxel Zywall Atp800 Firmware | >=4.32<5.37 | |
Zyxel Zywall Atp800 | ||
Zyxel Zywall Vpn100 Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn100 | ||
Zyxel Zywall Vpn2s Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn2s | ||
Zyxel Zywall Vpn300 Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn300 | ||
Zyxel Zywall Vpn50 Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn50 | ||
Zyxel Zywall Vpn 100 Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn 100 | ||
Zyxel Zywall Vpn 300 Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn 300 | ||
Zyxel Zywall Vpn 50 Firmware | >=4.30<5.37 | |
Zyxel Zywall Vpn 50 | ||
Zyxel Nxc2500 Firmware | >=6.10\(aaig.0\)<=6.10\(aaig.3\) | |
Zyxel Nxc2500 | ||
Zyxel Nxc5500 Firmware | >=6.10\(aaos.0\)<=6.10\(aaos.4\) | |
Zyxel Nxc5500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-34140 is medium with a score of 6.5.
Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, and USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2 are affected by CVE-2023-34140.
To fix CVE-2023-34140, update your Zyxel firmware to versions 5.37 for affected models.
The Common Vulnerabilities and Exposures (CVE) ID of this vulnerability is CVE-2023-34140.