First published: Tue Nov 28 2023
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37 could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | | |
| Zyxel Zld | =5.37 | |
| Any of | | |
| Zyxel Multiple Network-Attached Storage (NAS) Devices | | |
| Zyxel Atp100w | | |
| Zyxel ATP200 | | |
| Zyxel Atp500 | | |
| Zyxel Atp700 | | |
| Zyxel Atp800 | | |
| All of | | |
| Zyxel Zld | =5.37 | |
| Any of | | |
| Zyxel Usg Flex 100 | | |
| Zyxel Usg Flex 100w | | |
| Zyxel Usg Flex 200 | | |
| Zyxel Usg Flex 50 | | |
| Zyxel Usg Flex 500 | | |
| Zyxel Usg Flex 50w | | |
| Zyxel Usg Flex 700 | | |
| All of | | |
| Zyxel Zld | =5.37 | |
| Any of | | |
| Zyxel Usg 20w-vpn | | |
| Zyxel Vpn50w | | |
The severity of CVE-2023-4397 is medium.
An attacker with administrator privileges can exploit CVE-2023-4397 by causing a denial-of-service or potentially executing arbitrary code.
Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37 are affected by CVE-2023-4397.
Yes, authentication is required to exploit CVE-2023-4397.
Apply the latest firmware patch provided by Zyxel to mitigate CVE-2023-4397.