Vulnerability Description
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series gateways running firmware versions V4.30 through V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP packet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Zld | >= 4.30, <= 4.55 |
| Zyxel | Zywall 110 | - |
| Zyxel | Zywall 1100 | - |
| Zyxel | Zywall 310 | - |
| Zyxel | Usg 110 | - |
| Zyxel | Usg 1100 | - |
| Zyxel | Usg 1900 | - |
| Zyxel | Usg 20W | - |
| Zyxel | Usg 20W-Vpn | - |
| Zyxel | Usg 2200-Vpn | - |
| Zyxel | Usg 310 | - |
| Zyxel | Usg 40 | - |
| Zyxel | Usg 40W | - |
| Zyxel | Usg 60 | - |
| Zyxel | Usg 60W | - |
| Zyxel | Usg110 | - |
| Zyxel | Usg1100 | - |
| Zyxel | Usg1900 | - |
| Zyxel | Usg20-Vpn | - |
| Zyxel | Usg20W-Vpn | - |
Related Weaknesses (CWE)
References
- https://businessforum.zyxel.com/categories/security-news-and-release (Release Notes, Vendor Advisory)
- https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulner (Vendor Advisory)
FAQ
What is CVE-2020-25014?
CVE-2020-25014 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrar...
How severe is CVE-2020-25014?
CVE-2020-25014 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-25014?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Zld, Zyxel Zywall 110, Zyxel Zywall 1100, Zyxel Zywall 310, Zyxel Usg 110.