VYPR
Unrated severity · NVD Advisory · Published Apr 24, 2023 · Updated Feb 12, 2025

CVE-2023-22917

Description

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Zyxel firewall 'sdwan_iface_ipc' allows unauthenticated remote attackers to crash the device by uploading a crafted configuration file.

Vulnerability

A buffer overflow vulnerability resides in the sdwan_iface_ipc binary of Zyxel ATP series (firmware 5.10 through 5.32), USG FLEX series (5.00 through 5.32), USG FLEX 50(W) (5.10 through 5.32), USG20(W)-VPN (5.10 through 5.32), and VPN series (5.00 through 5.35) [1]. The flaw is triggered during parsing of a crafted configuration file when it is uploaded to the device [1].

Exploitation

An attacker does not require authentication or any prior access to the device [1]. The attack vector is remote: the attacker uploads a specially crafted configuration file to the vulnerable sdwan_iface_ipc binary [1]. No additional user interaction or specific feature enablement is needed beyond the device being reachable over the network [1].

Impact

Successful exploitation causes a core dump with a request error message, resulting in a denial of service (DoS) condition on the affected firewall device [1]. The vulnerability does not provide code execution or data exfiltration; the impact is limited to crashing the device [1].

Mitigation

Zyxel has released firmware updates to address this vulnerability: ATP series version 5.36, USG FLEX series version 5.36, USG FLEX 50(W) version 5.36, USG20(W)-VPN version 5.36, and VPN series version 5.36 [1]. Users are advised to upgrade to the fixed versions immediately [1]. No workaround has been provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Zyxel/VPN series (llm-fuzzy, 2 versions, no CPE): 5.00 through 5.35
  • Zyxel/ATP series (llm-fuzzy, 2 versions, no CPE): 5.10 through 5.32
  • Zyxel/USG FLEX series (llm-fuzzy, 2 versions, no CPE): 5.00 through 5.32
  • Zyxel/USG20(W)-VPN firmware (v5): 5.10 through 5.32
  • Zyxel/USG FLEX 50(W) firmware (v5): 5.10 through 5.32

Patches

0

No patches discovered yet.

References

1
