Zyxel · Zyxel Nxc2500 · CVE-2023-34140
**Name of the Vulnerable Software and Affected Versions**
Zyxel ATP series versions 4.32 through 5.36 Patch 2
Zyxel USG FLEX series versions 4.50 through 5.36 Patch 2
Zyxel USG FLEX 50(W) series versions 4.16 through 5.36 Patch 2
Zyxel USG20(W)-VPN series versions 4.16 through 5.36 Patch 2
Zyxel VPN series versions 4.30 through 5.36 Patch 2
Zyxel NXC2500 versions 6.10(AAIG.0) through 6.10(AAIG.3)
Zyxel NXC5500 versions 6.10(AAOS.0) through 6.10(AAOS.4)
**Description**
A buffer overflow vulnerability in the CAPWAP daemon could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request. This issue is related to a buffer overflow in the memory, which can be exploited by a remote attacker to cause a denial of service.
**Recommendations**
For Zyxel ATP series versions 4.32 through 5.36 Patch 2, update to a version later than 5.36 Patch 2.
For Zyxel USG FLEX series versions 4.50 through 5.36 Patch 2, update to a version later than 5.36 Patch 2.
For Zyxel USG FLEX 50(W) series versions 4.16 through 5.36 Patch 2, update to a version later than 5.36 Patch 2.
For Zyxel USG20(W)-VPN series versions 4.16 through 5.36 Patch 2, update to a version later than 5.36 Patch 2.
For Zyxel VPN series versions 4.30 through 5.36 Patch 2, update to a version later than 5.36 Patch 2.
For Zyxel NXC2500 versions 6.10(AAIG.0) through 6.10(AAIG.3), update to a version later than 6.10(AAIG.3).
For Zyxel NXC5500 versions 6.10(AAOS.0) through 6.10(AAOS.4), update to a version later than 6.10(AAOS.4).
As a temporary workaround, consider disabling the CAPWAP daemon until a patch is available.