Vulnerability Description
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | LTE7480-M804 Firmware | <= 1.00(abra.6)c0 |
| Zyxel | LTE7480-M804 | - |
| Zyxel | LTE7490-M904 Firmware | <= 1.00(abqy.5)c0 |
| Zyxel | LTE7490-M904 | - |
| Zyxel | NR7101 Firmware | <= 1.00(abuv.7)c0 |
| Zyxel | NR7101 | - |
| Zyxel | Nebula NR7101 Firmware | <= 1.15(accc.3)c0 |
| Zyxel | Nebula NR7101 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advis (Patch, Third Party Advisory)
FAQ
What is CVE-2023-27989?
CVE-2023-27989 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditio...
How severe is CVE-2023-27989?
CVE-2023-27989 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27989?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel LTE7480-M804 Firmware, Zyxel LTE7480-M804, Zyxel LTE7490-M904 Firmware, Zyxel LTE7490-M904, Zyxel NR7101 Firmware.