Lucene search

ZyxelCVE-2024-42058

HistorySep 03, 2024 - 2:15 a.m.

CVE-2024-42058

2024-09-0302:15:04

CWE-476

Zyxel

web.nvd.nist.gov

zyxel atp

usg flex

usg20(w)-vpn

null pointer dereference

unauthenticated attacker

dos attack

crafted packets

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.

Affected configurations

Nvd

Node

zyxelzld_firmwareRange4.32–5.39

AND

zyxelatp100Match-

zyxelatp100wMatch-

zyxelatp200Match-

zyxelatp500Match-

zyxelatp700Match-

zyxelatp800Match-

Node

zyxelzld_firmwareRange4.50–5.39

AND

zyxelusg_flex_100Match-

zyxelusg_flex_100axMatch-

zyxelusg_flex_100wMatch-

zyxelusg_flex_200Match-

zyxelusg_flex_50Match-

zyxelusg_flex_500Match-

zyxelusg_flex_700Match-

Node

zyxelzld_firmwareRange4.20–5.39

AND

zyxelusg_flex_50wMatch-

Node

zyxelzld_firmwareRange4.20–5.39

AND

zyxelusg_20w-vpnMatch-

VendorProductVersionCPE
zyxelzld_firmware*cpe:2.3:o:zyxel:zld_firmware:*:*:*:*:*:*:*:*
zyxelatp100-cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
zyxelatp100w-cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
zyxelatp200-cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
zyxelatp500-cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
zyxelatp700-cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
zyxelatp800-cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
zyxelusg_flex_100-cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
zyxelusg_flex_100ax-cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*
zyxelusg_flex_100w-cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	zld_firmware	*	cpe:2.3:o:zyxel:zld_firmware::::::::
zyxel	atp100	-	cpe:2.3:h:zyxel:atp100:-:::::::*
zyxel	atp100w	-	cpe:2.3:h:zyxel:atp100w:-:::::::*
zyxel	atp200	-	cpe:2.3:h:zyxel:atp200:-:::::::*
zyxel	atp500	-	cpe:2.3:h:zyxel:atp500:-:::::::*
zyxel	atp700	-	cpe:2.3:h:zyxel:atp700:-:::::::*
zyxel	atp800	-	cpe:2.3:h:zyxel:atp800:-:::::::*
zyxel	usg_flex_100	-	cpe:2.3:h:zyxel:usg_flex_100:-:::::::*
zyxel	usg_flex_100ax	-	cpe:2.3:h:zyxel:usg_flex_100ax:-:::::::*
zyxel	usg_flex_100w	-	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions V4.32 through V5.38"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions V4.50 through V5.38"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions V5.20 through V5.38"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions V5.20 through V5.38"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-42058