PT-2023-7251 · Zyxel · Zyxel Usg Flex Series+3

Alessandro Sgreccia · Published 2023-08-17 · Updated 2023-12-04 · CVE-2023-4397

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Zyxel ATP series version 5.37
Zyxel USG FLEX series version 5.37
Zyxel USG FLEX 50(W) series version 5.37
Zyxel USG20(W)-VPN series version 5.37

Description

A buffer overflow issue in the firmware could allow an authenticated local attacker with administrator privileges to cause denial-of-service conditions by executing a CLI command with crafted strings on an affected device. The exploitation of this issue may result in a denial-of-service condition.

Recommendations

For Zyxel ATP series version 5.37, update the firmware to a version that addresses the buffer overflow issue.
For Zyxel USG FLEX series version 5.37, update the firmware to a version that addresses the buffer overflow issue.
For Zyxel USG FLEX 50(W) series version 5.37, update the firmware to a version that addresses the buffer overflow issue.
For Zyxel USG20(W)-VPN series version 5.37, update the firmware to a version that addresses the buffer overflow issue.
As a temporary workaround, consider restricting the execution of CLI commands with crafted strings on affected devices until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-08279
CVE-2023-4397

Affected Products

Zyxel Atp Series
Zyxel Usg Flex 50(W) Series
Zyxel Usg Flex Series
Zyxel Usg20(W)-Vpn Series