CVE-2023-22915 : A buffer overflow vulnerability in the “fbwifi

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

Published 2023-04-24 17:15:10

Updated 2023-05-04 14:44:10

Source Zyxel Corporation

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2023-22915

Zyxel » Usg 20w-vpn Firmware
Versions from including (>=) 4.30 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg 20w-vpn » Version: N/A
Zyxel » Vpn50 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Vpn50 » Version: N/A
Zyxel » Vpn100 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Vpn100 » Version: N/A
Zyxel » Vpn300 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Vpn300 » Version: N/A
Zyxel » Vpn1000 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Vpn1000 » Version: N/A
Zyxel » Usg Flex 100 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 100 » Version: N/A
Zyxel » Usg Flex 200 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 200 » Version: N/A
Zyxel » Usg Flex 500 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 500 » Version: N/A
Zyxel » Usg Flex 100w Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 100w » Version: N/A
Zyxel » Usg Flex 700 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 700 » Version: N/A
Zyxel » Usg Flex 50w Firmware
Versions from including (>=) 4.30 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 50w » Version: N/A
Zyxel » Usg Flex 50 Firmware
Versions from including (>=) 4.50 and up to, including, (<=) 5.35
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 50 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-22915

EPSS FAQ

0.87%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-22915

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Zyxel Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-22915

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Assigned by:
- nvd@nist.gov (Primary)
- security@zyxel.com.tw (Secondary)

References for CVE-2023-22915

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps

Page Not Found | Zyxel Networks
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-22915

Products affected by CVE-2023-22915

Exploit prediction scoring system (EPSS) score for CVE-2023-22915

CVSS scores for CVE-2023-22915

CWE ids for CVE-2023-22915

References for CVE-2023-22915