CVE-2023-28768

Published: Aug 14, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

Affected (11)

Products: Zyxel: Xgs2220 30 Firmware, Xgs2220 30f Firmware, Xgs2220 30hp Firmware, Xgs2220 54 Firmware, Xgs2220 54fp Firmware, Xgs2220 54hp Firmware, Xmg1930 30 Firmware, Xmg1930 30hp Firmware, Xs1930 10 Firmware, Xs1930 12f Firmware, Xs1930 12hp Firmware

Zyxel

11 products

Xgs2220 30 Firmware

Xgs2220 30f Firmware

Xgs2220 30hp Firmware

Xgs2220 54 Firmware

Xgs2220 54fp Firmware

Xgs2220 54hp Firmware

Xmg1930 30 Firmware

Xmg1930 30hp Firmware

Xs1930 10 Firmware

Xs1930 12f Firmware

Xs1930 12hp Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xgs2220 30 Firmware	Version 4.80(abxn.1)

Running on/with	Platform Versions
Zyxel Xgs2220 30	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xgs2220 30f Firmware	Version 4.80(abye.1)

Running on/with	Platform Versions
Zyxel Xgs2220 30f	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xgs2220 30hp Firmware	Version 4.80(abxo.1)

Running on/with	Platform Versions
Zyxel Xgs2220 30hp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xgs2220 54 Firmware	Version 4.80(abxp.1)

Running on/with	Platform Versions
Zyxel Xgs2220 54	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xgs2220 54fp Firmware	Version 4.80(acce.1)

Running on/with	Platform Versions
Zyxel Xgs2220 54fp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xgs2220 54hp Firmware	Version 4.80(abxq.1)

Running on/with	Platform Versions
Zyxel Xgs2220 54hp	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xmg1930 30 Firmware	Version 4.80(acar.1)

Running on/with	Platform Versions
Zyxel Xmg1930 30	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xmg1930 30hp Firmware	Version 4.80(acas.1)

Running on/with	Platform Versions
Zyxel Xmg1930 30hp	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xs1930 10 Firmware	Version 4.80(abqe.1)

Running on/with	Platform Versions
Zyxel Xs1930 10	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xs1930 12f Firmware	Version 4.80(abzv.1)

Running on/with	Platform Versions
Zyxel Xs1930 12f	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Xs1930 12hp Firmware	Version 4.80(abqf.1)

Running on/with	Platform Versions
Zyxel Xs1930 12hp	All versions

Related CWEs

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches

Source: security@zyxel.com.tw

PatchVendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.