PT-2023-7451 · Zyxel · Zyxel USG FLEX 50 (+3 other products)

Published: 2023-01-10 · Updated: 2023-05-04 · CVE-2023-22915

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Zyxel USG FLEX series firmware versions 4.50 through 5.35
Zyxel USG FLEX 50(W) firmware versions 4.30 through 5.35
Zyxel USG20(W)-VPN firmware versions 4.30 through 5.35
Zyxel VPN series firmware versions 4.30 through 5.35

Description

A buffer overflow vulnerability in the fbwifi_forward.cgi CGI program could allow a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a crafted HTTP request, provided the Facebook WiFi function is enabled on the affected device. The root cause is a memory buffer overflow triggered by specially crafted HTTP requests; the CVSS vector reflects impact on availability only.

Recommendations

For all affected firmware (Zyxel USG FLEX series 4.50 through 5.35; Zyxel USG FLEX 50(W), USG20(W)-VPN and VPN series 4.30 through 5.35), consider disabling the Facebook WiFi function until a patch is available. As a temporary workaround, consider restricting access to the fbwifi_forward.cgi CGI program to minimize the risk of exploitation.

Fix

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2023-08492
CVE-2023-22915

Affected Products

Zyxel USG FLEX 50
Zyxel USG FLEX series
Zyxel USG20(W)-VPN
Zyxel VPN series