History: May 21, 2024 - 2:15 a.m.

CVE-2023-37929

2024-05-21 02:15:08
CWE-120
web.nvd.nist.gov
buffer overflow
cgi program
vmg3625-t50b
v5.50 firmware
denial of service
crafted http request
remote attacker
vulnerable device

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.2 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 13.3%)

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "V5.50(ABPM.8)C0 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.50(ABPM.8)C0"
      }
    ]
  }
]
