CVE-2024-9197
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.
Una vulnerabilidad de desbordamiento de búfer posterior a la autenticación en el parámetro "acción" del programa CGI en las versiones de firmware Zyxel VMG3625-T50B hasta V5.50(ABPM.9.2)C0 podría permitir que un atacante autenticado con privilegios de administrador provoque una condición de denegación de servicio (DoS) temporal contra la interfaz de administración web al enviar una solicitud HTTP GET manipulada a un dispositivo vulnerable si la función ZyEE está habilitada.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-09-26 CVE Reserved
- 2024-12-03 CVE Published
- 2024-12-03 CVE Updated
- 2024-12-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | VMG3625-T50B Firmware Search vendor "Zyxel" for product "VMG3625-T50B Firmware" | <= 5.50 Search vendor "Zyxel" for product "VMG3625-T50B Firmware" and version " <= 5.50" | en |
Affected
| ||||||