CVE-2023-6397

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions 4.32 through 5.37 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1

Description A null pointer dereference issue in the Anti-Malware feature of Zyxel ATP and USG FLEX series firmware could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host. This issue is related to pointer dereference errors and can be exploited by a remote attacker to cause a denial of service.

Recommendations For Zyxel ATP series versions 4.32 through 5.37 Patch 1, consider disabling the Anti-Malware feature until a patch is available. For Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1, consider disabling the Anti-Malware feature until a patch is available. As a temporary workaround, avoid using the Anti-Malware feature in the affected firmware versions until the issue is resolved.