Zyxel : Security Vulnerabilities, CVEs, (Memory corruption)

CVE-2023-6397

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-02-20
Updated
2024-02-20

CVE-2023-5593

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-20
Updated
2023-11-30

CVE-2020-25014

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-11-27
Updated
2020-12-10
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close