VYPR
Unrated severity · NVD Advisory · Published Apr 24, 2023 · Updated Feb 12, 2025

CVE-2023-22915

Description

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated buffer overflow in Zyxel firewall CGI program (fbwifi_forward.cgi) allows remote DoS via crafted HTTP request when Facebook WiFi is enabled.

Vulnerability

A buffer overflow vulnerability exists in the fbwifi_forward.cgi CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35 [1]. The flaw is triggered when the Facebook WiFi function is enabled on an affected device, allowing a remote unauthenticated attacker to send a crafted HTTP request that causes a buffer overflow [1].

Exploitation

An attacker must be able to send a crafted HTTP request to the target device. No authentication is required, but the Facebook WiFi function must be enabled on the device. The advisory notes that WAN access is disabled by default on the firewall devices, meaning the attacker typically needs to be on the same network segment or the device must have WAN access explicitly enabled [1]. The specific sequence involves sending a maliciously crafted HTTP request to the fbwifi_forward.cgi endpoint, which overflows a buffer in the CGI program [1].

Impact

Successful exploitation leads to denial-of-service (DoS) conditions on the affected device [1]. The attacker gains no code execution or privilege escalation, only the ability to crash the CGI program or potentially the entire device, disrupting normal operations.

Mitigation

Zyxel has released firmware updates to address this vulnerability. Users should upgrade to the latest firmware versions for their respective device series as specified in the security advisory [1]. If immediate patching is not possible, users should disable the Facebook WiFi function as a workaround, though this may not fully eliminate the risk if the vulnerable CGI program is still present. The advisory lists multiple CVEs addressed in the same firmware release [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Range: 4.30 <= firmware <= 5.35
  • Zyxel/VPN series · llm-fuzzy · 2 versions
    • (no CPE) range: 4.30 <= firmware <= 5.35
    • (no CPE) range: 4.30 through 5.35
  • Zyxel/USG FLEX series · llm-fuzzy · 2 versions
    • (no CPE) range: 4.50 <= firmware <= 5.35
    • (no CPE) range: 4.50 through 5.35
  • Zyxel/USG20(W)-VPN firmware · v5
    Range: 4.30 through 5.35
  • Zyxel/USG FLEX 50(W) firmware · v5
    Range: 4.30 through 5.35

Patches

0

No patches discovered yet.

References

1
