Usg 20W Vpn Firmware
CVE-2023-34140
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (zyxel) · only source for this CVE.
CVSS VectorVendor: zyxel
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
AnalysisAI
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon. Affected products include: Zyxel Usg 20W-Vpn Firmware, Zyxel Usg 2200-Vpn Firmware, Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 200 Firmware. Version information: through 5.36.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
More in Usg 20W Vpn Firmware
View allA command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Pa
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Pat
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmw
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 th
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 throu
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 t
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versio
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32,
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today