CVE-2023-43314

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Rumble00/Rumble/issues/1

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:pmg2005-t20b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg2005-t20b:-:*:*:*:*:*:*:*

History

29 Dec 2023, 08:15

Type	Values Removed	Values Added
Summary	~~(en) The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an authenticated attacker to cause a denial of service condition via a crafted uid.~~	(en) UNSUPPORTED WHEN ASSIGNED The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

29 Dec 2023, 01:15

Type	Values Removed	Values Added
Summary	(en) The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an authenticated attacker with administrator privileges to cause a denial of service condition via a crafted uid.	(en) The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an authenticated attacker to cause a denial of service condition via a crafted uid.

07 Nov 2023, 04:21

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/Rumble00/Rumble/issues/1 - Exploit, Issue Tracking, Third Party Advisory~~	() https://github.com/Rumble00/Rumble/issues/1 -
Summary	UNSUPPPORTED WHEN ASSIGNED The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an authenticated attacker with administrator privileges to cause a denial of service condition via a crafted uid.	The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an authenticated attacker with administrator privileges to cause a denial of service condition via a crafted uid.

12 Oct 2023, 11:15

Type	Values Removed	Values Added
Summary	~~Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.~~	UNSUPPPORTED WHEN ASSIGNED The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an authenticated attacker with administrator privileges to cause a denial of service condition via a crafted uid.

02 Oct 2023, 17:31

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/Rumble00/Rumble/issues/1 -~~	(MISC) https://github.com/Rumble00/Rumble/issues/1 - Exploit, Issue Tracking, Third Party Advisory
CWE		CWE-120
First Time		Zyxel Zyxel pmg2005-t20b Zyxel pmg2005-t20b Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:o:zyxel:pmg2005-t20b_firmware:-:::::::* cpe:2.3:h:zyxel:pmg2005-t20b:-:::::::*

27 Sep 2023, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-27 23:15

Updated : 2024-04-11 01:21

NVD link : CVE-2023-43314

Mitre link : CVE-2023-43314

CVE.ORG link : CVE-2023-43314

JSON object : View

Products Affected

zyxel

pmg2005-t20b_firmware
pmg2005-t20b

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.5 /10