Null Pointer Dereference Vulnerability in Zyxel ATP and USG FLEX Series Firewalls

Null Pointer Dereference Vulnerability in Zyxel ATP and USG FLEX Series Firewalls

CVE-2023-6397 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

Learn more about our Web Application Penetration Testing UK.