CVE-2023-27989 — Classic Buffer Overflow in Zyxel Nr7101 Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 28.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nr7101 Firmware Zyxel Lte7480-m804 Firmware Zyxel Lte7490-m904 Firmware +1 more

Timeline

PublishedJun 5

Description

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5zyxel/nr7101_firmware< V1.00(ABUV.8)C0

▶NVDzyxel/nr7101_firmware1.00\(abuv.7\)c0

▶NVDzyxel/nebula_nr7101_firmware1.15\(accc.3\)c0

▶NVDzyxel/lte7480-m804_firmware1.00\(abra.6\)c0

▶NVDzyxel/lte7490-m904_firmware1.00\(abqy.5\)c0

Patches

Patch: www.zyxel.com ↗Patch: www.zyxel.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-27989: A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1↗2023-06-05

▶

GHSA

GHSA-x86w-xv82-wrpx: A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1↗2023-06-05

▶