Lucene search

ZyxelCVE-2024-38268

HistorySep 24, 2024 - 2:15 a.m.

CVE-2024-38268

2024-09-2402:15:02

CWE-119

Zyxel

web.nvd.nist.gov

cve-2024-38268

memory corruption

zyxel vmg8825-t50k

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

Percentile

14.1%

JSON

An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

Affected configurations

Nvd

Node

zyxelwx5600-t0_firmwareRange<5.70\(aceb.3.2\)c0

AND

zyxelwx5600-t0Match-

Node

zyxelwx3401-b0_firmwareRange<5.17\(abve.2.5\)c0

AND

zyxelwx3401-b0Match-

Node

zyxelwx3100-t0_firmwareRange<5.50\(abvl.4.3\)c0

AND

zyxelwx3100-t0Match-

Node

zyxelscr50axe_firmwareRange<1.10\(acgn.3\)c0

AND

zyxelscr50axeMatch-

Node

zyxelpx3321-t1_firmwareRange<5.44\(acjb.1\)c0

AND

zyxelpx3321-t1Match-

Node

zyxelpm7300-t0_firmwareRange<5.42\(abyy.2.2\)c0

AND

zyxelpm7300-t0Match-

Node

zyxelpm5100-t0_firmwareRange<5.42\(acbf.2.1\)c0

AND

zyxelpm5100-t0Match-

Node

zyxelpm3100-t0_firmwareRange<5.42\(acbf.2.1\)c0

AND

zyxelpm3100-t0Match-

Node

zyxelax7501-b1_firmwareRange<5.17\(abpc.5.2\)c0

AND

zyxelax7501-b1Match-

Node

zyxelvmg8825-t50k_firmwareRange<5.50\(abom.8.4\)c0

AND

zyxelvmg8825-t50kMatch-

Node

zyxelvmg8623-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelvmg8623-t50bMatch-

Node

zyxelvmg4005-b60a_firmwareRange<5.17\(abqa.2.2\)c0

AND

zyxelvmg4005-b60aMatch-

Node

zyxelvmg4005-b50a_firmwareRange<5.17\(abqa.2.2\)c0

AND

zyxelvmg4005-b50aMatch-

Node

zyxelvmg3927-t50k_firmwareRange<5.50\(abom.8.4\)c0

AND

zyxelvmg3927-t50kMatch-

Node

zyxelvmg3625-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelvmg3625-t50bMatch-

Node

zyxelemg5723-t50k_firmwareRange<5.50\(abom.8.4\)c0

AND

zyxelemg5723-t50kMatch-

Node

zyxelemg5523-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelemg5523-t50bMatch-

Node

zyxelemg3525-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelemg3525-t50bMatch-

Node

zyxelex7710-b0_firmwareRange<5.18\(acak.1\)c1

AND

zyxelex7710-b0Match-

Node

zyxelex7501-b0_firmwareRange<5.18\(achn.1.2\)c0

AND

zyxelex7501-b0Match-

Node

zyxelex5601-t1_firmwareRange<5.70\(acdz.3.2\)c0

AND

zyxelex5601-t1Match-

Node

zyxelex5601-t0_firmwareRange<5.70\(acdz.3.2\)c0

AND

zyxelex5601-t0Match-

Node

zyxelex5512-t0_firmwareRange<5.70\(aceg.3\)c2

AND

zyxelex5512-t0Match-

Node

zyxelex5510-b0_firmwareRange<5.17\(abqx.10\)c0

AND

zyxelex5510-b0Match-

Node

zyxelex5401-b1_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxelex5401-b1Match-

Node

zyxelex5401-b0_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxelex5401-b0Match-

Node

zyxelex3600-t0_firmwareRange<5.70\(acif.0.3\)c0

AND

zyxelex3600-t0Match-

Node

zyxelex3510-b1_firmwareRange<5.17\(abup.12\)c0

AND

zyxelex3510-b1Match-

Node

zyxelex3510-b0_firmwareRange<5.17\(abup.12\)c0

AND

zyxelex3510-b0Match-

Node

zyxelex3501-t0_firmwareRange<5.44\(achr.2\)c0

AND

zyxelex3501-t0Match-

Node

zyxelex3500-t0_firmwareRange<5.44\(achr.2\)c0

AND

zyxelex3500-t0Match-

Node

zyxelex3301-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxelex3301-t0Match-

Node

zyxelex3300-t1_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxelex3300-t1Match-

Node

zyxelex3300-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxelex3300-t0Match-

Node

zyxeldx5401-b1_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxeldx5401-b1Match-

Node

zyxeldx5401-b0_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxeldx5401-b0Match-

Node

zyxeldx4510-b1_firmwareRange<5.17\(abyl.7\)c0

AND

zyxeldx4510-b1Match-

Node

zyxeldx4510-b0_firmwareRange<5.17\(abyl.7\)c0

AND

zyxeldx4510-b0Match-

Node

zyxeldx3301-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxeldx3301-t0Match-

Node

zyxeldx3300-t1_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxeldx3300-t1Match-

Node

zyxeldx3300-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxeldx3300-t0Match-

VendorProductVersionCPE
zyxelwx5600-t0_firmware*cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*
zyxelwx5600-t0-cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*
zyxelwx3401-b0_firmware*cpe:2.3:o:zyxel:wx3401-b0_firmware:*:*:*:*:*:*:*:*
zyxelwx3401-b0-cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*
zyxelwx3100-t0_firmware*cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:*
zyxelwx3100-t0-cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*
zyxelscr50axe_firmware*cpe:2.3:o:zyxel:scr50axe_firmware:*:*:*:*:*:*:*:*
zyxelscr50axe-cpe:2.3:h:zyxel:scr50axe:-:*:*:*:*:*:*:*
zyxelpx3321-t1_firmware*cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
zyxelpx3321-t1-cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	wx5600-t0_firmware	*	cpe:2.3:o:zyxel:wx5600-t0_firmware::::::::
zyxel	wx5600-t0	-	cpe:2.3:h:zyxel:wx5600-t0:-:::::::*
zyxel	wx3401-b0_firmware	*	cpe:2.3:o:zyxel:wx3401-b0_firmware::::::::
zyxel	wx3401-b0	-	cpe:2.3:h:zyxel:wx3401-b0:-:::::::*
zyxel	wx3100-t0_firmware	*	cpe:2.3:o:zyxel:wx3100-t0_firmware::::::::
zyxel	wx3100-t0	-	cpe:2.3:h:zyxel:wx3100-t0:-:::::::*
zyxel	scr50axe_firmware	*	cpe:2.3:o:zyxel:scr50axe_firmware::::::::
zyxel	scr50axe	-	cpe:2.3:h:zyxel:scr50axe:-:::::::*
zyxel	px3321-t1_firmware	*	cpe:2.3:o:zyxel:px3321-t1_firmware::::::::
zyxel	px3321-t1	-	cpe:2.3:h:zyxel:px3321-t1:-:::::::*

Rows per page:

1-10 of 821

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMG8825-T50K firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "<= 5.50(ABOM.8)C0"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024

Social References

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

Percentile

14.1%

JSON

Related for CVE-2024-38268