Description
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35 could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Zyxel / ATP series firmware: 5.10 through 5.32
- Zyxel / USG20(W)-VPN firmware: 5.10 through 5.32
- Zyxel / USG FLEX 50(W) firmware: 5.10 through 5.32
- Zyxel / USG FLEX series firmware: 5.00 through 5.32
- Zyxel / VPN series firmware: 5.00 through 5.35