Vulnerabilities > CVE-2023-28768 - Improper Handling of Exceptional Conditions vulnerability in Zyxel products

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

zyxel

CWE-755

NVD

Published: 2023-08-14

Updated: 2023-08-21

Summary

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Xgs2220 30 Firmware 4.80\(Abxn.1\) Zyxel Xgs2220 30F Firmware 4.80\(Abye.1\) Zyxel Xgs2220 30Hp Firmware 4.80\(Abxo.1\) Zyxel Xgs2220 54 Firmware 4.80\(Abxp.1\) Zyxel Xgs2220 54Fp Firmware 4.80\(Acce.1\) Zyxel Xgs2220 54Hp Firmware 4.80\(Abxq.1\) Zyxel Xmg1930 30 Firmware 4.80\(Acar.1\) Zyxel Xmg1930 30Hp Firmware 4.80\(Acas.1\) Zyxel Xs1930 10 Firmware 4.80\(Abqe.1\) Zyxel Xs1930 12F Firmware 4.80\(Abzv.1\) Zyxel Xs1930 12Hp Firmware 4.80\(Abqf.1\)	11
Hardware	Zyxel Zyxel Xgs2220 30 - Zyxel Xgs2220 30F - Zyxel Xgs2220 30Hp - Zyxel Xgs2220 54 - Zyxel Xgs2220 54Fp - Zyxel Xgs2220 54Hp - Zyxel Xmg1930 30 - Zyxel Xmg1930 30Hp - Zyxel Xs1930 10 - Zyxel Xs1930 12F - Zyxel Xs1930 12Hp -	11

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches