nessus | This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof. | ZYXEL_ROUTER_CVE-2023-27989.NASL
HistoryJun 13, 2023 - 12:00 a.m.

Zyxel Router Buffer Overflow Vulnerability (DoS)

2023-06-13 00:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
zyxel router
buffer overflow
dos
cgi
firmware

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.4%

According to its model number and firmware revision, the remote Zyxel router is affected by a buffer overflow / denial of service vulnerability, due to a flaw in the CGI program. An authenticated, remote attacker can exploit this issue, via a crafted HTTP request, to cause the system to stop responding.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#

include('compat.inc');

# Plugin registration block. It runs only when `description` is set, declares
# the plugin's metadata and scheduling requirements, and then exits, so none of
# the detection logic after this block is reached in that mode.
if (description)
{
  script_id(177214);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/28");

  script_cve_id("CVE-2023-27989");

  script_name(english:"Zyxel Router Buffer Overflow Vulnerability (DoS)");

  script_set_attribute(attribute:"synopsis", value:
"The router is affected by a buffer overflow / denial of service 
vulnerability.");
  # The wording "According to its model number and firmware revision" marks this
  # as a version-based finding, not a confirmed overflow.
  # NOTE(review): "systeem" in the description text below is a typo for "system".
  script_set_attribute(attribute:"description", value:
"According to its model number and firmware revision, the remote Zyxel router is affected by a buffer overflow / denial
of service vulnerability, due to a flaw in the CGI program. An authenticated, remote attacker can exploit this issue,
via a crafted HTTP request, to cause the systeem to stop responding.");
  # https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f4fb8d5e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the Zyxel firmware referenced in the advisory.");
  # Both base vectors encode an authenticated (Au:S / PR:L) network attacker with
  # availability-only impact, matching the description above. The temporal
  # vectors record an unproven exploit (E:U) and an official fix (RL:OF / RL:O).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-27989");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # The CPE names only the vendor, with no product or model, so matching findings
  # to assets by CPE will be coarse. The affected models are listed in the
  # constraints table later in this file.
  script_set_attribute(attribute:"cpe", value:"x-cpe:/h:zyxel");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  # ACT_GATHER_INFO is the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: the plugin needs the "www/zyxel_router" KB key, presumably set by
  # the detection plugin named in the dependency below (confirm), and is skipped
  # when CGI scanning is disabled in the scan settings.
  script_dependencies("zyxel_router_detect_getbasicinfo.nbin");
  script_require_keys("www/zyxel_router");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include('http.inc');
include('vcf_extras.inc');

# Version-based check: the firmware revision recorded for the detected Zyxel
# router is compared with the first fixed release for its model. Nothing in this
# file sends the crafted HTTP request described in the advisory, so a finding
# means "firmware older than the fix", not "overflow confirmed". Accuracy depends
# on the model and version that the detection plugin recorded.
var app_info = vcf::zyxel_router::get_app_info();

# Debug trace (level 1) of the version object taken from app_info.
dbg::detailed_log(lvl:1, msg:'[plugin][app_info][dump_vcf][' + obj_rep(app_info.version) + ']');

# First fixed firmware per model, in the vendor's own notation.
var fw_lte7480    = "V1.00(ABRA.7)C0";
var fw_lte7490    = "V1.00(ABQY.6)C0";
var fw_nr7101     = "V1.00(ABUV.8)C0";
var fw_neb_nr7101 = "V1.16(ACCC.0)C0";
# NOTE(review): the original named this value test_uglyfix / test_fix, which
# reads like a leftover placeholder. Confirm against the vendor advisory that
# NR7103 and this firmware string are intended, since a wrong row here produces
# false findings for that model.
var fw_nr7103     = "V1.00(ABZF.1)C1";

# One row per affected model. 'fixed_version' is the vendor string passed through
# transform_ver (presumably normalised for comparison; confirm in vcf_extras.inc).
# 'fixed_display' keeps the vendor's notation, presumably for the report text.
var constraints = [
  {
    'models':        make_list("LTE7480-M804"),
    'fixed_version': vcf::zyxel_router::transform_ver(firmware:fw_lte7480),
    'fixed_display': fw_lte7480
  },
  {
    'models':        make_list("LTE7490-M904"),
    'fixed_version': vcf::zyxel_router::transform_ver(firmware:fw_lte7490),
    'fixed_display': fw_lte7490
  },
  {
    'models':        make_list("NR7101"),
    'fixed_version': vcf::zyxel_router::transform_ver(firmware:fw_nr7101),
    'fixed_display': fw_nr7101
  },
  {
    'models':        make_list("Nebula NR7101"),
    'fixed_version': vcf::zyxel_router::transform_ver(firmware:fw_neb_nr7101),
    'fixed_display': fw_neb_nr7101
  },
  {
    'models':        make_list("NR7103"),
    'fixed_version': vcf::zyxel_router::transform_ver(firmware:fw_nr7103),
    'fixed_display': fw_nr7103
  }
];

# Hand the detected device and the table to the shared Zyxel helper, which does
# the comparison and the reporting. Findings use SECURITY_WARNING severity.
vcf::zyxel_router::check_version_and_report(
  app_info:    app_info,
  constraints: constraints,
  severity:    SECURITY_WARNING
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zyxel | | | x-cpe:/h:zyxel |

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.4%
