CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0CVE-2024-5412
https://notcve.org/view.php?id=CVE-2024-5412
03 Sep 2024 — A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 96EXPL: 0CVE-2022-43391
https://notcve.org/view.php?id=CVE-2022-43391
11 Jan 2023 — A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 96EXPL: 0CVE-2022-43392
https://notcve.org/view.php?id=CVE-2022-43392
11 Jan 2023 — A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 78EXPL: 0CVE-2022-43390
https://notcve.org/view.php?id=CVE-2022-43390
11 Jan 2023 — A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. Una vulnerabilidad de inyección de comandos en el programa CGI del firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podría permitir a un atacante autenticado ejecutar algunos comandos del sistema operativo en un dispositivo vulnerable enviando una solicitud HTTP manipulada... • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 66EXPL: 0CVE-2022-26414
https://notcve.org/view.php?id=CVE-2022-26414
11 Apr 2022 — A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. Se ha identificado una potencial vulnerabilidad de desbordamiento de búfer en algunas funciones internas del firmware de Zyxel VMG3312-T20A versión 5.30(ABFX.5)C0, que podría ser aprovechada por un atacante local autenticado para causar una denegación de servicio • https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.0EPSS: 0%CPEs: 66EXPL: 0CVE-2022-26413
https://notcve.org/view.php?id=CVE-2022-26413
11 Apr 2022 — A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. Una vulnerabilidad de inyección de comandos en el programa CGI del firmware de Zyxel VMG3312-T20A versión 5.30(ABFX.5)C0, podría permitir a un atacante local autenticado ejecutar comandos arbitrarios del Sistema Operativo en un dispositivo vulnerable por medio de una interfaz LAN • https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •