← Back

CVE-2023-27989

nvd nist
Published: Jun 5, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Affected (4)

Zyxel
4 products
Lte7480 M804 Firmware
Lte7490 M904 Firmware
Nr7101 Firmware
Nebula Nr7101 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lte7480 M804 Firmware
Up to 1.00\(abra.6\)c0
Running on/withPlatform Versions
Zyxel
Lte7480 M804
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lte7490 M904 Firmware
Up to 1.00\(abqy.5\)c0
Running on/withPlatform Versions
Zyxel
Lte7490 M904
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nr7101 Firmware
Up to 1.00\(abuv.7\)c0
Running on/withPlatform Versions
Zyxel
Nr7101
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nebula Nr7101 Firmware
Up to 1.15\(accc.3\)c0
Running on/withPlatform Versions
Zyxel
Nebula Nr7101
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: security@zyxel.com.tw
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.