Lucene search

K
cvelistZyxelCVELIST:CVE-2023-37929
HistoryMay 21, 2024 - 1:23 a.m.

CVE-2023-37929

2024-05-2101:23:53
CWE-120
Zyxel
www.cve.org
buffer overflow
vmg3625-t50b
firmware
authenticated remote
denial of service
http request
vulnerable device

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "V5.50(ABPM.8)C0 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.50(ABPM.8)C0"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

Related for CVELIST:CVE-2023-37929