CVE-2024-38266

CWE-119 — Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 60.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Ax7501-b0 Firmware Zyxel Ax7501-b1 Firmware Zyxel Dx3300-t0 Firmware +39 more

Timeline

PublishedSep 24

Description

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages43 packages

▶NVDzyxel/vmg8825-t50k_firmware< 5.50\(abom.8\)c0+1

▶CVEListV5zyxel/vmg8825-t50k_firmware5.50(ABOM.8)C0

▶NVDzyxel/emg5723-t50k_firmware< 5.50\(abom.8\)c0

▶NVDzyxel/vmg3927-t50k_firmware< 5.50\(abom.8\)c0

▶NVDzyxel/scr50axe_firmware< 1.10\(acgn.3\)c0

🔴Vulnerability Details

GHSA

GHSA-gqfj-476x-27wc: An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions th↗2024-09-24

▶

CVEList

CVE-2024-38266: An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions th↗2024-09-24

▶