LAN-based Attacker Could Cause DoS Conditions by Downloading Crafted RAR File
CVE-2023-6397

5.3 MEDIUM

Key Information:

Vendor
Zyxel
CVE Published:
20 February 2024

Badges

📰 News Worthy

Summary

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

Affected Version(s)

ATP series firmware version 4.32 through 5.37 Patch 1

USG FLEX series firmware version 4.50 through 5.37 Patch 1

News Articles

Zyxel Security Vulnerabilities: DoS, Command Injection & More

Zyxel’s recent security advisory spotlights multiple vulnerabilities present in select firewall and access point models. Failure to take immediate action could leave these devices open to severe security risks. Vulnerability Breakdown CVE-2023-6397 (Firewalls): Potential denial-of-service...

1 year ago

References

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by securityonline.info

  • Vulnerability published

  • Vulnerability Reserved
