CVE-2023-6397
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
20/02/2024
Last modified:
21/01/2025
Description
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.<br />
<br />
<br />
<br />
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:* | 4.32 (including) | 5.37 (excluding) |
| cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:* | 4.32 (including) | 5.37 (excluding) |
| cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:* | 4.32 (including) | 5.37 (excluding) |
| cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:* | 4.32 (including) | 5.37 (excluding) |
| cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page