Post-Authentication Buffer Overflow Vulnerability Could Lead to DoS
CVE-2024-9197

4.9MEDIUM

Key Information:

Vendor
Zyxel
Status
Vmg3625-t50b Firmware
Vendor
CVE Published:
3 December 2024

Summary

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

Affected Version(s)

VMG3625-T50B firmware <= V5.50(ABPM.9.2)C0

References

https://www.zyxel.com/global/en/support/security-advisori...
vendor-advisory

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.