PT-2023-03: Unauth Buffer Overflow in fbwifi_forward.cgi in Zyxel products

Vendor: Zyxel

Vulnerable product: USG FLEX, USG FLEX 50(W)/ USG20(W)-VPN, VPN

Vulnerable version: USG FLEX - ZLD V4.50~V5.35; USG FLEX 50(W)/ USG20(W)-VPN - ZLD V4.30~V5.35; VPN - ZLD V4.30~V5.35

Vulnerability type:

• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Identifier (ID):

• CVE-2023-22915

Vulnerability vector:

• Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

• Severity (CVSSv3.1): 7.5(high)

• Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

• Severity (CVSSv4.0): 8.2(high)

Description:

An issue was identified in Zyxel products affecting: USG FLEX (ZLD V4.50~V5.35); USG FLEX 50(W)/ USG20(W)-VPN (ZLD V4.30~V5.35); VPN (ZLD V4.30~V5.35).
Discovered vulnerability of Buffer Overflow in fbwifi_forward.cgi can be exploited by an unauthenticated attacker to cause a denial of service (DoS) conditions by sending a crafted HTTP request if Facebook WiFi function is enabled.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 25.04.2023

Recommendations:

• Update to version ZLD V5.36 or higher

Additional information:

• Security advisory

Researcher: Nikita Abramov (Positive Technologies)