ZyXEL NR7101 1.00 HTTP Request buffer overflow

Summaryinfo

A vulnerability has been found in ZyXEL NR7101 1.00 and classified as critical. This vulnerability affects unknown code of the component HTTP Request Handler. This manipulation causes buffer overflow. This vulnerability is registered as CVE-2023-27989. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in ZyXEL NR7101 1.00. It has been declared as critical. Affected by this vulnerability is an unknown part of the component HTTP Request Handler. The manipulation with an unknown input leads to a buffer overflow vulnerability. The CWE definition for the vulnerability is CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. As an impact it is known to affect availability. The summary by CVE is:

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

The weakness was published 06/05/2023. It is possible to read the advisory at zyxel.com. This vulnerability is known as CVE-2023-27989 since 03/09/2023. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 1.00(ABUV.8)C0 eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• ZyXEL

Name

• NR7101

Version

• 1.00

License

• commercial

Website

• Vendor: https://www.zyxel.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion