阿里云漏洞库

漏洞描述

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-ad...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	zyxel	atp100w_firmware	*	From (including) 4.32	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	atp100w_firmware	5.36	-
	运行在以下环境
	系统	zyxel	atp100_firmware	*	From (including) 4.32	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	atp100_firmware	5.36	-
	运行在以下环境
	系统	zyxel	atp200_firmware	*	From (including) 4.32	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	atp200_firmware	5.36	-
	运行在以下环境
	系统	zyxel	atp500_firmware	*	From (including) 4.32	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	atp500_firmware	5.36	-
	运行在以下环境
	系统	zyxel	atp700_firmware	*	From (including) 4.32	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	atp700_firmware	5.36	-
	运行在以下环境
	系统	zyxel	atp800_firmware	*	From (including) 4.32	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	atp800_firmware	5.36	-
	运行在以下环境
	系统	zyxel	usg20-vpn_firmware	*	From (including) 4.30	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	usg20-vpn_firmware	5.36	-
	运行在以下环境
	系统	zyxel	usg_20w-vpn_firmware	*	From (including) 4.25	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	usg_20w-vpn_firmware	5.36	-
	运行在以下环境
	系统	zyxel	usg_40w_firmware	*	From (including) 4.25	Up to (excluding) 4.73
	运行在以下环境
	系统	zyxel	usg_40w_firmware	4.73	-
	运行在以下环境
	系统	zyxel	usg_40_firmware	*	From (including) 4.25	Up to (excluding) 4.73
	运行在以下环境
	系统	zyxel	usg_40_firmware	4.73	-
	运行在以下环境
	系统	zyxel	usg_60w_firmware	*	From (including) 4.25	Up to (excluding) 4.73
	运行在以下环境
	系统	zyxel	usg_60w_firmware	4.73	-
	运行在以下环境
	系统	zyxel	usg_60_firmware	*	From (including) 4.25	Up to (excluding) 4.73
	运行在以下环境
	系统	zyxel	usg_60_firmware	4.73	-
	运行在以下环境
	系统	zyxel	usg_flex_100w_firmware	5.36	-
	运行在以下环境
	系统	zyxel	usg_flex_100_firmware	*	From (including) 4.50	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	usg_flex_100_firmware	5.36	-
	运行在以下环境
	系统	zyxel	usg_flex_200_firmware	*	From (including) 4.50	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	usg_flex_200_firmware	5.36	-
	运行在以下环境
	系统	zyxel	usg_flex_500_firmware	*	From (including) 4.50	Up to (excluding) 5.36
	运行在以下环境
	系统	zyxel	usg_flex_500_firmware	5.36	-
	运行在以下环境
系统	zyxel	usg_flex_50w_firmware	*	From (including) 4.25	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	usg_flex_50w_firmware	5.36	-
运行在以下环境
系统	zyxel	usg_flex_50_firmware	*	From (including) 4.50	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	usg_flex_50_firmware	5.36	-
运行在以下环境
系统	zyxel	usg_flex_700_firmware	*	From (including) 4.50	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	usg_flex_700_firmware	5.36	-
运行在以下环境
系统	zyxel	vpn1000_firmware	*	From (including) 4.30	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	vpn1000_firmware	5.36	-
运行在以下环境
系统	zyxel	vpn100_firmware	*	From (including) 4.30	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	vpn100_firmware	5.36	-
运行在以下环境
系统	zyxel	vpn300_firmware	*	From (including) 4.30	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	vpn300_firmware	5.36	-
运行在以下环境
系统	zyxel	vpn50_firmware	*	From (including) 4.30	Up to (excluding) 5.36
运行在以下环境
系统	zyxel	vpn50_firmware	5.36	-
运行在以下环境
硬件	zyxel	atp100	-	-
运行在以下环境
硬件	zyxel	atp100w	-	-
运行在以下环境
硬件	zyxel	atp200	-	-
运行在以下环境
硬件	zyxel	atp500	-	-
运行在以下环境
硬件	zyxel	atp700	-	-
运行在以下环境
硬件	zyxel	atp800	-	-
运行在以下环境
硬件	zyxel	usg20-vpn	-	-
运行在以下环境
硬件	zyxel	usg_20w-vpn	-	-
运行在以下环境
硬件	zyxel	usg_40	-	-
运行在以下环境
硬件	zyxel	usg_40w	-	-
运行在以下环境
硬件	zyxel	usg_60	-	-
运行在以下环境
硬件	zyxel	usg_60w	-	-
运行在以下环境
硬件	zyxel	usg_flex_100	-	-
运行在以下环境
硬件	zyxel	usg_flex_100w	-	-
运行在以下环境
硬件	zyxel	usg_flex_200	-	-
运行在以下环境
硬件	zyxel	usg_flex_50	-	-
运行在以下环境
硬件	zyxel	usg_flex_500	-	-
运行在以下环境
硬件	zyxel	usg_flex_50w	-	-
运行在以下环境
硬件	zyxel	usg_flex_700	-	-
运行在以下环境
硬件	zyxel	vpn100	-	-
运行在以下环境
硬件	zyxel	vpn1000	-	-
运行在以下环境
硬件	zyxel	vpn300	-	-
运行在以下环境
硬件	zyxel	vpn50	-	-

攻击路径

网络
攻击复杂度

低
权限要求

无
影响范围

未更改
用户交互

无
可用性

高
保密性

高
完整性

高

CWE-ID	漏洞类型
CWE-120	未进行输入大小检查的缓冲区拷贝（传统缓冲区溢出）

Zyxel 安全漏洞

漏洞描述

解决建议

参考链接

受影响软件情况