Vulnerability Description
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Zld | 5.37 |
| Zyxel | Atp100 | - |
| Zyxel | Atp100W | - |
| Zyxel | Atp200 | - |
| Zyxel | Atp500 | - |
| Zyxel | Atp700 | - |
| Zyxel | Atp800 | - |
| Zyxel | Usg Flex 100 | - |
| Zyxel | Usg Flex 100W | - |
| Zyxel | Usg Flex 200 | - |
| Zyxel | Usg Flex 50 | - |
| Zyxel | Usg Flex 500 | - |
| Zyxel | Usg Flex 50W | - |
| Zyxel | Usg Flex 700 | - |
| Zyxel | Usg 20W-Vpn | - |
| Zyxel | Vpn50W | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2023-4397?
CVE-2023-4397 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware vers...
How severe is CVE-2023-4397?
CVE-2023-4397 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4397?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Zld, Zyxel Atp100, Zyxel Atp100W, Zyxel Atp200, Zyxel Atp500.