CVE-2024-6343

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.38 Zyxel USG FLEX series versions V4.50 through V5.38 Zyxel USG FLEX 50(W) series versions V4.16 through V5.38 Zyxel USG20(W)-VPN series versions V4.16 through V5.38

Description A buffer overflow vulnerability in the CGI program could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. The vulnerability is related to the lack of size checking for input data, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For Zyxel ATP series versions V4.32 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. For Zyxel USG FLEX series versions V4.50 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. For Zyxel USG FLEX 50(W) series versions V4.16 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. For Zyxel USG20(W)-VPN series versions V4.16 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. As a temporary workaround, consider restricting access to the CGI program to minimize the risk of exploitation.