Skip to main content

Xgs2220 30 Firmware CVE-2023-28768

MEDIUM
Improper Handling of Exceptional Conditions (CWE-755)
2023-08-14 security@zyxel.com.tw
6.5
CVSS 3.1 · Vendor: zyxel
Share

Severity by source

Vendor (zyxel) PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (zyxel) · only source for this CVE.

CVSS VectorVendor: zyxel

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 14, 2023 - 17:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

AnalysisAI

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-755. Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch. Affected products include: Zyxel Xgs2220-30 Firmware, Zyxel Xgs2220-30F Firmware, Zyxel Xgs2220-30Hp Firmware, Zyxel Xgs2220-54 Firmware, Zyxel Xgs2220-54Fp Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-28768 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy