CVE-2024-9197

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9197
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx4510-b0:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:zyxel:ex5600-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*
History

21 Jan 2025, 21:18

Type Values Removed Values Added
First Time Zyxel dx5401-b1 Firmware
Zyxel ex5501-b0 Firmware
Zyxel px3321-t1
Zyxel ex3600-t0 Firmware
Zyxel ex3500-t0 Firmware
Zyxel dx3300-t0
Zyxel ex5601-t1
Zyxel ex3300-t0 Firmware
Zyxel ax7501-b1
Zyxel vmg8623-t50b
Zyxel ex5601-t0 Firmware
Zyxel ex3501-t0 Firmware
Zyxel ex3301-t0
Zyxel ex3300-t1 Firmware
Zyxel ax7501-b1 Firmware
Zyxel ex3510-b1 Firmware
Zyxel dx5401-b0
Zyxel ex3501-t0
Zyxel dx4510-b0
Zyxel dx4510-b1
Zyxel vmg8825-t50k Firmware
Zyxel emg5723-t50k Firmware
Zyxel px5301-t0
Zyxel vmg8825-t50k
Zyxel ex5510-b0 Firmware
Zyxel emg3525-t50b Firmware
Zyxel ex5601-t1 Firmware
Zyxel vmg3625-t50b
Zyxel ex5401-b1
Zyxel ex3510-b0
Zyxel ex5401-b1 Firmware
Zyxel dx4510-b1 Firmware
Zyxel dx3301-t0
Zyxel emg5723-t50k
Zyxel vmg3625-t50b Firmware
Zyxel ex5401-b0
Zyxel ex5401-b0 Firmware
Zyxel dx3301-t0 Firmware
Zyxel emg5523-t50b Firmware
Zyxel wx5600-t0
Zyxel ax7501-b0
Zyxel ex3301-t0 Firmware
Zyxel dx5401-b1
Zyxel ex5501-b0
Zyxel ee6510-10
Zyxel ex3300-t0
Zyxel px3321-t1 Firmware
Zyxel ex5600-t1
Zyxel ex3300-t1
Zyxel px5301-t0 Firmware
Zyxel dx3300-t1 Firmware
Zyxel wx5600-t0 Firmware
Zyxel dx3300-t0 Firmware
Zyxel vmg3927-t50k Firmware
Zyxel ex5510-b0
Zyxel vmg3927-t50k
Zyxel ex3510-b1
Zyxel ex3600-t0
Zyxel ex7501-b0 Firmware
Zyxel dx5401-b0 Firmware
Zyxel ee6510-10 Firmware
Zyxel ax7501-b0 Firmware
Zyxel ex5600-t1 Firmware
Zyxel ex3500-t0
Zyxel ex3510-b0 Firmware
Zyxel dx4510-b0 Firmware
Zyxel
Zyxel ex7501-b0
Zyxel vmg8623-t50b Firmware
Zyxel dx3300-t1
Zyxel ex5601-t0
Zyxel emg5523-t50b
Zyxel emg3525-t50b
CPE cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5600-t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx4510-b0:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*
References () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024 - () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad de desbordamiento de búfer posterior a la autenticación en el parámetro "acción" del programa CGI en las versiones de firmware Zyxel VMG3625-T50B hasta V5.50(ABPM.9.2)C0 podría permitir que un atacante autenticado con privilegios de administrador provoque una condición de denegación de servicio (DoS) temporal contra la interfaz de administración web al enviar una solicitud HTTP GET manipulada a un dispositivo vulnerable si la función ZyEE está habilitada.

03 Dec 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-03 02:15

Updated : 2025-01-21 21:18

NVD link : CVE-2024-9197

Mitre link : CVE-2024-9197

CVE.ORG link : CVE-2024-9197

JSON object : View

Products Affected

zyxel

  • emg5723-t50k
  • ex5401-b0
  • ex5401-b0_firmware
  • emg3525-t50b_firmware
  • ex5601-t0
  • vmg8623-t50b
  • ex3301-t0
  • emg5723-t50k_firmware
  • vmg8825-t50k_firmware
  • px3321-t1_firmware
  • wx5600-t0
  • ee6510-10
  • emg5523-t50b
  • vmg3927-t50k
  • vmg8623-t50b_firmware
  • ex5510-b0_firmware
  • dx5401-b0
  • ex3300-t0_firmware
  • dx3300-t0
  • dx3300-t1_firmware
  • ex3500-t0
  • ex3501-t0
  • ex3510-b1_firmware
  • dx3301-t0_firmware
  • ex5510-b0
  • ex5600-t1_firmware
  • dx4510-b0
  • ax7501-b0
  • wx5600-t0_firmware
  • ax7501-b1
  • px5301-t0_firmware
  • dx5401-b1_firmware
  • ex3301-t0_firmware
  • emg5523-t50b_firmware
  • ex5601-t1_firmware
  • vmg3625-t50b_firmware
  • ex5401-b1
  • vmg3927-t50k_firmware
  • ax7501-b1_firmware
  • ex3510-b0_firmware
  • ex3600-t0_firmware
  • vmg3625-t50b
  • ex3510-b0
  • ex3510-b1
  • px3321-t1
  • px5301-t0
  • dx5401-b0_firmware
  • ee6510-10_firmware
  • ex7501-b0_firmware
  • dx4510-b1_firmware
  • ex5401-b1_firmware
  • ex7501-b0
  • dx4510-b1
  • ex3600-t0
  • ex3501-t0_firmware
  • dx4510-b0_firmware
  • ax7501-b0_firmware
  • ex5601-t0_firmware
  • ex3300-t1
  • ex5501-b0
  • ex5601-t1
  • dx3300-t1
  • vmg8825-t50k
  • dx3301-t0
  • ex5600-t1
  • dx5401-b1
  • ex3500-t0_firmware
  • ex5501-b0_firmware
  • emg3525-t50b
  • dx3300-t0_firmware
  • ex3300-t0
  • ex3300-t1_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')