CVE-2023-6397

Published: Feb 20, 2024Modified: Jan 21, 2025

5.3

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

Affected (57)

Products: Zyxel: Atp100 Firmware, Atp100w Firmware, Atp200 Firmware, Atp500 Firmware, Atp700 Firmware, Atp800 Firmware, Usg Flex 100 Firmware, Usg Flex 100ax Firmware, Usg Flex 100h Firmware, Usg Flex 100w Firmware, Usg Flex 200 Firmware, Usg Flex 200h Firmware, Usg Flex 200hp Firmware, Usg Flex 50 Firmware, Usg Flex 500 Firmware, Usg Flex 500h Firmware, Usg Flex 50w Firmware, Usg Flex 700 Firmware, Usg Flex 700h Firmware

19 products

Usg Flex 100 Firmware

Usg Flex 100ax Firmware

Usg Flex 100h Firmware

Usg Flex 100w Firmware

Usg Flex 200 Firmware

Usg Flex 200h Firmware

Usg Flex 200hp Firmware

Usg Flex 50 Firmware

Usg Flex 500 Firmware

Usg Flex 500h Firmware

Usg Flex 50w Firmware

Usg Flex 700 Firmware

Usg Flex 700h Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100 Firmware	From 4.32 to 5.37
Zyxel Atp100 Firmware	Version 5.37
Zyxel Atp100 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp100	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100w Firmware	From 4.32 to 5.37
Zyxel Atp100w Firmware	Version 5.37
Zyxel Atp100w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp100w	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp200 Firmware	From 4.32 to 5.37
Zyxel Atp200 Firmware	Version 5.37
Zyxel Atp200 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp200	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp500 Firmware	From 4.32 to 5.37
Zyxel Atp500 Firmware	Version 5.37
Zyxel Atp500 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp500	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp700 Firmware	From 4.32 to 5.37
Zyxel Atp700 Firmware	Version 5.37
Zyxel Atp700 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp700	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp800 Firmware	From 4.32 to 5.37
Zyxel Atp800 Firmware	Version 5.37
Zyxel Atp800 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Atp800	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100 Firmware	Version 5.37
Zyxel Usg Flex 100 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions

Configuration H

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100ax Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100ax Firmware	Version 5.37
Zyxel Usg Flex 100ax Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100ax	All versions

Configuration I

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100h Firmware	Version 5.37
Zyxel Usg Flex 100h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100h	All versions

Configuration J

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100w Firmware	From 4.50 to 5.37
Zyxel Usg Flex 100w Firmware	Version 5.37
Zyxel Usg Flex 100w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 100w	All versions

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200 Firmware	Version 5.37
Zyxel Usg Flex 200 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200	All versions

Configuration L

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200h Firmware	Version 5.37
Zyxel Usg Flex 200h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200h	All versions

Configuration M

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200hp Firmware	From 4.50 to 5.37
Zyxel Usg Flex 200hp Firmware	Version 5.37
Zyxel Usg Flex 200hp Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 200hp	All versions

Configuration N

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 50 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 50 Firmware	Version 5.37
Zyxel Usg Flex 50 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 50	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 500 Firmware	Version 5.37
Zyxel Usg Flex 500 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 500	All versions

Configuration P

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 500h Firmware	Version 5.37
Zyxel Usg Flex 500h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 500h	All versions

Configuration Q

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 50w Firmware	From 4.50 to 5.37
Zyxel Usg Flex 50w Firmware	Version 5.37
Zyxel Usg Flex 50w Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 50w	All versions

Configuration R

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700 Firmware	From 4.50 to 5.37
Zyxel Usg Flex 700 Firmware	Version 5.37
Zyxel Usg Flex 700 Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 700	All versions

Configuration S

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700h Firmware	From 4.50 to 5.37
Zyxel Usg Flex 700h Firmware	Version 5.37
Zyxel Usg Flex 700h Firmware	Version 5.37 patch1

Running on/with	Platform Versions
Zyxel Usg Flex 700h	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.