Attackers Can Cause DoS Conditions with Targeted Packets Against Zyxel Devices
CVE-2024-42058

7.5HIGH

Key Information:

Vendor: Zyxel
Status: Atp Series Firmware; Usg Flex Series Firmware; Usg Flex 50(w) Series Firmware; Usg20(w)-vpn Series Firmware
Vendor: CVE Published:; 3 September 2024

What is CVE-2024-42058?

A null pointer dereference vulnerability exists in the firmware of various Zyxel firewall products, including the ATP series and the USG FLEX series. This flaw allows unauthenticated attackers to send specially crafted packets to the affected devices, potentially leading to denial-of-service (DoS) conditions. Devices running the specified firmware versions are susceptible to disruptions, underlining the importance of prompt updates and patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

ATP series firmware versions V4.32 through V5.38

USG FLEX 50(W) series firmware versions V5.20 through V5.38

USG FLEX series firmware versions V4.50 through V5.38

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2024
Vulnerability Reserved
Jul 29, 2024