CVE-2020-25014Out-of-bounds Write in Zyxel Access Points Firmware

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.0%
top 16.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zyxel Access Points FirmwareZyxel ZLD
Timeline
PublishedNov 27
Latest updateMay 24

Description

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDzyxel/zld4.304.55

🔴Vulnerability Details

2
GHSA
GHSA-f57w-r4hj-rw7w: A stack-based buffer overflow in fbwifi_continue2022-05-24
CVEList
CVE-2020-25014: A stack-based buffer overflow in fbwifi_continue2020-11-27
CVE-2020-25014 — Out-of-bounds Write in Zyxel | cvebase