Lucene search

ZyxelCVE-2024-38269

HistorySep 24, 2024 - 2:15 a.m.

CVE-2024-38269

2024-09-2402:15:03

CWE-119

Zyxel

web.nvd.nist.gov

zyxel

usb file-sharing

memory buffer

authenticated attacker

administrator privileges

memory corruptions

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

14.1%

JSON

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

Affected configurations

Nvd

Node

zyxelwx5600-t0_firmwareRange<5.70\(aceb.3.2\)c0

AND

zyxelwx5600-t0Match-

Node

zyxelwx3401-b0_firmwareRange<5.17\(abve.2.5\)c0

AND

zyxelwx3401-b0Match-

Node

zyxelwx3100-t0_firmwareRange<5.50\(abvl.4.3\)c0

AND

zyxelwx3100-t0Match-

Node

zyxelscr50axe_firmwareRange<1.10\(acgn.3\)c0

AND

zyxelscr50axeMatch-

Node

zyxelpx3321-t1_firmwareRange<5.44\(acjb.1\)c0

AND

zyxelpx3321-t1Match-

Node

zyxelpm7300-t0_firmwareRange<5.42\(abyy.2.2\)c0

AND

zyxelpm7300-t0Match-

Node

zyxelpm5100-t0_firmwareRange<5.42\(acbf.2.1\)c0

AND

zyxelpm5100-t0Match-

Node

zyxelpm3100-t0_firmwareRange<5.42\(acbf.2.1\)c0

AND

zyxelpm3100-t0Match-

Node

zyxelax7501-b1_firmwareRange<5.17\(abpc.5.2\)c0

AND

zyxelax7501-b1Match-

Node

zyxelvmg8825-t50k_firmwareRange<5.50\(abom.8.4\)c0

AND

zyxelvmg8825-t50kMatch-

Node

zyxelvmg8623-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelvmg8623-t50bMatch-

Node

zyxelvmg4005-b60a_firmwareRange<5.17\(abqa.2.2\)c0

AND

zyxelvmg4005-b60aMatch-

Node

zyxelvmg4005-b50a_firmwareRange<5.17\(abqa.2.2\)c0

AND

zyxelvmg4005-b50aMatch-

Node

zyxelvmg3927-t50k_firmwareRange<5.50\(abom.8.4\)c0

AND

zyxelvmg3927-t50kMatch-

Node

zyxelvmg3625-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelvmg3625-t50bMatch-

Node

zyxelemg5723-t50k_firmwareRange<5.50\(abom.8.4\)c0

AND

zyxelemg5723-t50kMatch-

Node

zyxelemg5523-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelemg5523-t50bMatch-

Node

zyxelemg3525-t50b_firmwareRange<5.50\(abpm.9.2\)c0

AND

zyxelemg3525-t50bMatch-

Node

zyxelex7710-b0_firmwareRange<5.18\(acak.1\)c1

AND

zyxelex7710-b0Match-

Node

zyxelex7501-b0_firmwareRange<5.18\(achn.1.2\)c0

AND

zyxelex7501-b0Match-

Node

zyxelex5601-t1_firmwareRange<5.70\(acdz.3.2\)c0

AND

zyxelex5601-t1Match-

Node

zyxelex5601-t0_firmwareRange<5.70\(acdz.3.2\)c0

AND

zyxelex5601-t0Match-

Node

zyxelex5512-t0_firmwareRange<5.70\(aceg.3\)c2

AND

zyxelex5512-t0Match-

Node

zyxelex5510-b0_firmwareRange<5.17\(abqx.10\)c0

AND

zyxelex5510-b0Match-

Node

zyxelex5401-b1_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxelex5401-b1Match-

Node

zyxelex5401-b0_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxelex5401-b0Match-

Node

zyxelex3600-t0_firmwareRange<5.70\(acif.0.3\)c0

AND

zyxelex3600-t0Match-

Node

zyxelex3510-b1_firmwareRange<5.17\(abup.12\)c0

AND

zyxelex3510-b1Match-

Node

zyxelex3510-b0_firmwareRange<5.17\(abup.12\)c0

AND

zyxelex3510-b0Match-

Node

zyxelex3501-t0_firmwareRange<5.44\(achr.2\)c0

AND

zyxelex3501-t0Match-

Node

zyxelex3500-t0_firmwareRange<5.44\(achr.2\)c0

AND

zyxelex3500-t0Match-

Node

zyxelex3301-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxelex3301-t0Match-

Node

zyxelex3300-t1_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxelex3300-t1Match-

Node

zyxelex3300-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxelex3300-t0Match-

Node

zyxeldx5401-b1_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxeldx5401-b1Match-

Node

zyxeldx5401-b0_firmwareRange<5.17\(abyo.6.2\)c0

AND

zyxeldx5401-b0Match-

Node

zyxeldx4510-b1_firmwareRange<5.17\(abyl.7\)c0

AND

zyxeldx4510-b1Match-

Node

zyxeldx4510-b0_firmwareRange<5.17\(abyl.7\)c0

AND

zyxeldx4510-b0Match-

Node

zyxeldx3301-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxeldx3301-t0Match-

Node

zyxeldx3300-t1_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxeldx3300-t1Match-

Node

zyxeldx3300-t0_firmwareRange<5.50\(abvy.5.3\)c0

AND

zyxeldx3300-t0Match-

VendorProductVersionCPE
zyxelwx5600-t0_firmware*cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*
zyxelwx5600-t0-cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*
zyxelwx3401-b0_firmware*cpe:2.3:o:zyxel:wx3401-b0_firmware:*:*:*:*:*:*:*:*
zyxelwx3401-b0-cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*
zyxelwx3100-t0_firmware*cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:*
zyxelwx3100-t0-cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*
zyxelscr50axe_firmware*cpe:2.3:o:zyxel:scr50axe_firmware:*:*:*:*:*:*:*:*
zyxelscr50axe-cpe:2.3:h:zyxel:scr50axe:-:*:*:*:*:*:*:*
zyxelpx3321-t1_firmware*cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
zyxelpx3321-t1-cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	wx5600-t0_firmware	*	cpe:2.3:o:zyxel:wx5600-t0_firmware::::::::
zyxel	wx5600-t0	-	cpe:2.3:h:zyxel:wx5600-t0:-:::::::*
zyxel	wx3401-b0_firmware	*	cpe:2.3:o:zyxel:wx3401-b0_firmware::::::::
zyxel	wx3401-b0	-	cpe:2.3:h:zyxel:wx3401-b0:-:::::::*
zyxel	wx3100-t0_firmware	*	cpe:2.3:o:zyxel:wx3100-t0_firmware::::::::
zyxel	wx3100-t0	-	cpe:2.3:h:zyxel:wx3100-t0:-:::::::*
zyxel	scr50axe_firmware	*	cpe:2.3:o:zyxel:scr50axe_firmware::::::::
zyxel	scr50axe	-	cpe:2.3:h:zyxel:scr50axe:-:::::::*
zyxel	px3321-t1_firmware	*	cpe:2.3:o:zyxel:px3321-t1_firmware::::::::
zyxel	px3321-t1	-	cpe:2.3:h:zyxel:px3321-t1:-:::::::*

Rows per page:

1-10 of 821

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMG8825-T50K firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "<= 5.50(ABOM.8)C0"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

14.1%

JSON

Related for CVE-2024-38269