Vulnerability Details: CVE-2023-28768
Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.
Vulnerability category: Denial of service
Products affected by CVE-2023-28768
- cpe:2.3:o:zyxel:xs1930-10_firmware:4.80\(abqe.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xs1930-12hp_firmware:4.80\(abqf.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xs1930-12f_firmware:4.80\(abzv.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xgs2220-30_firmware:4.80\(abxn.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xgs2220-30hp_firmware:4.80\(abxo.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xgs2220-30f_firmware:4.80\(abye.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xgs2220-54_firmware:4.80\(abxp.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xgs2220-54hp_firmware:4.80\(abxq.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xgs2220-54fp_firmware:4.80\(acce.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xmg1930-30_firmware:4.80\(acar.1\):*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:xmg1930-30hp_firmware:4.80\(acas.1\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28768
- 0.04%: Probability of exploitation activity in the next 30 days
- ~11%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28768
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | Zyxel Corporation | |
CWE ids for CVE-2023-28768
- The product does not handle or incorrectly handles an exceptional condition.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@zyxel.com.tw (Secondary)
References for CVE-2023-28768
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches (Patch; Vendor Advisory)