CVE-2024-38267
https://notcve.org/view.php?id=CVE-2024-38267
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-38266
https://notcve.org/view.php?id=CVE-2024-38266
An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-6342
https://notcve.org/view.php?id=CVE-2024-6342
A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-nas-products-09-10-2024 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-7261
https://notcve.org/view.php?id=CVE-2024-7261
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-1575
https://notcve.org/view.php?id=CVE-2024-1575
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. La vulnerabilidad de administración de privilegios incorrecta en la versión 6.70 (ACGG.3) del firmware Zyxel WBE660S y versiones anteriores podría permitir a un usuario autenticado escalar privilegios y descargar los archivos de configuración en un dispositivo vulnerable. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 • CWE-269: Improper Privilege Management •