CVE-2024-38267

CWE-119 — Buffer Overflow3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 60.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Ax7501-b1 Firmware Zyxel Dx3300-t0 Firmware Zyxel Dx3300-t1 Firmware +38 more

Timeline

PublishedSep 24

Description

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages42 packages

▶NVDzyxel/vmg8825-t50k_firmware< 5.50\(abom.8.4\)c0

▶CVEListV5zyxel/vmg8825-t50k_firmware5.50(ABOM.8)C0

▶NVDzyxel/emg5723-t50k_firmware< 5.50\(abom.8.4\)c0

▶NVDzyxel/vmg3927-t50k_firmware< 5.50\(abom.8.4\)c0

▶NVDzyxel/scr50axe_firmware< 1.10\(acgn.3\)c0

🔴Vulnerability Details

CVEList

CVE-2024-38267: An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions thro↗2024-09-24

▶

GHSA

GHSA-wcpv-2537-498x: An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions thro↗2024-09-24

▶