CVE-2023-6397 — MEDIUM (6.5)

Q: How severe is CVE-2023-6397?

CVE-2023-6397 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6397?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Atp100 Firmware, Zyxel Atp100, Zyxel Atp100W Firmware, Zyxel Atp100W, Zyxel Atp200 Firmware.

Vulnerability Description

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Atp100 Firmware	>= 4.32, < 5.37
Zyxel	Atp100	-
Zyxel	Atp100W Firmware	>= 4.32, < 5.37
Zyxel	Atp100W	-
Zyxel	Atp200 Firmware	>= 4.32, < 5.37
Zyxel	Atp200	-
Zyxel	Atp500 Firmware	>= 4.32, < 5.37
Zyxel	Atp500	-
Zyxel	Atp700 Firmware	>= 4.32, < 5.37
Zyxel	Atp700	-
Zyxel	Atp800 Firmware	>= 4.32, < 5.37
Zyxel	Atp800	-
Zyxel	Usg Flex 100 Firmware	>= 4.50, < 5.37
Zyxel	Usg Flex 100	-
Zyxel	Usg Flex 100Ax Firmware	>= 4.50, < 5.37
Zyxel	Usg Flex 100Ax	-
Zyxel	Usg Flex 100H Firmware	>= 4.50, < 5.37
Zyxel	Usg Flex 100H	-
Zyxel	Usg Flex 100W Firmware	>= 4.50, < 5.37
Zyxel	Usg Flex 100W	-

Related Weaknesses (CWE)

CWE-476

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2023-6397?

CVE-2023-6397 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could all...

How severe is CVE-2023-6397?

CVE-2023-6397 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6397?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Atp100 Firmware, Zyxel Atp100, Zyxel Atp100W Firmware, Zyxel Atp100W, Zyxel Atp200 Firmware.