CVE-2020-25014
CRITICAL
Zyxel ZLD 4.30-4.55 - Unauthenticated Stack-based Buffer Overflow via fbwifi_continue.cgi
Title source: llm
Description
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP packet.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://businessforum.zyxel.com/categories/security-news-and-release
Vendor Advisory x_refsource_confirm
https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml
Scores
CVSS v3
9.8
EPSS
0.0200
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (4)
zyxel/access_points_firmware
6.10 (8 CPE variants)
zyxel/access_points_firmware
zyxel/access_points_firmware
< 6.10
zyxel/zld
4.30 - 4.55
Published
Nov 27, 2020
Tracked Since
Feb 18, 2026