Lucene search

[email protected]CVE-2023-37929

HistoryMay 21, 2024 - 2:15 a.m.

CVE-2023-37929

2024-05-2102:15:08

CWE-120

[email protected]

web.nvd.nist.gov

buffer overflow

cgi program

vmg3625-t50b

v5.50 firmware

denial of service

crafted http request

remote attacker

vulnerable device

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "V5.50(ABPM.8)C0 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.50(ABPM.8)C0"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-37929

cvelist1 nvd1