CVE-2022-26414

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 88.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Ax7501-b0 Firmware Zyxel Dx5401-b0 Firmware Zyxel Emg3525-t50b Firmware +29 more

Timeline

PublishedApr 11

Latest updateApr 12

Description

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages33 packages

▶CVEListV5zyxel/vmg3312-t20a_firmwareV5.30(ABFX.5)C0

▶NVDzyxel/vmg3312-t20a_firmware5.30\(abfx.5\)c0

▶NVDzyxel/ep240p_firmware< 5.40\(abh.0\)c0

▶NVDzyxel/ax7501-b0_firmware< 5.17\(abpc.1\)c0

▶NVDzyxel/dx5401-b0_firmware< 5.17\(abyo.1\)c0

🔴Vulnerability Details

GHSA

GHSA-wvj8-qqh4-8vmv: A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5↗2022-04-12

▶

CVEList

CVE-2022-26414: A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5↗2022-04-11

▶