CVE-2023-22915 — HIGH (7.5)

Q: How severe is CVE-2023-22915?

CVE-2023-22915 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-22915?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 100W, Zyxel Usg Flex 200 Firmware.

Vulnerability Description

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Usg Flex 100 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 100	-
Zyxel	Usg Flex 100W Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 100W	-
Zyxel	Usg Flex 200 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 200	-
Zyxel	Usg Flex 50 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 50	-
Zyxel	Usg Flex 50W Firmware	>= 4.30, <= 5.35
Zyxel	Usg Flex 50W	-
Zyxel	Usg Flex 500 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 500	-
Zyxel	Usg Flex 700 Firmware	>= 4.50, <= 5.35
Zyxel	Usg Flex 700	-
Zyxel	Vpn100 Firmware	>= 4.50, <= 5.35
Zyxel	Vpn100	-
Zyxel	Vpn1000 Firmware	>= 4.50, <= 5.35
Zyxel	Vpn1000	-
Zyxel	Vpn300 Firmware	>= 4.50, <= 5.35
Zyxel	Vpn300	-

Related Weaknesses (CWE)

CWE-120

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2023-22915?

CVE-2023-22915 is a vulnerability with a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN f...

How severe is CVE-2023-22915?

CVE-2023-22915 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22915?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 100W, Zyxel Usg Flex 200 Firmware.