CVE-2024-38269

Severity: Medium (CVSS 3.1 base score 4.9) · EPSS 33.1%
Published Sep 24, 2024 · Modified Jun 17, 2026

Description

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

CVSS Details

Base Score: 4.9
Exploitability: 1.2
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 33.1% percentile
Exploit & Patch Status: No Known Exploit · No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer · Memory Safety

Affected Products 82

Vendor | Product | Version | Range
zyxel | wx5600-t0_firmware | * | <5.70\(aceb.3.2\)c0
zyxel | wx5600-t0 | * | any
zyxel | wx3401-b0_firmware | * | <5.17\(abve.2.5\)c0
zyxel | wx3401-b0 | * | any
zyxel | wx3100-t0_firmware | * | <5.50\(abvl.4.3\)c0
zyxel | wx3100-t0 | * | any
zyxel | scr50axe_firmware | * | <1.10\(acgn.3\)c0
zyxel | scr_50axe | * | any
zyxel | px3321-t1_firmware | * | <5.44\(acjb.1\)c0
zyxel | px3321-t1 | * | any
zyxel | pm7300-t0_firmware | * | <5.42\(abyy.2.2\)c0
zyxel | pm7300-t0 | * | any
zyxel | pm5100-t0_firmware | * | <5.42\(acbf.2.1\)c0
zyxel | pm5100-t0 | * | any
zyxel | pm3100-t0_firmware | * | <5.42\(acbf.2.1\)c0
zyxel | pm3100-t0 | * | any
zyxel | ax7501-b1_firmware | * | <5.17\(abpc.5.2\)c0
zyxel | ax7501-b1 | * | any
zyxel | vmg8825-t50k_firmware | * | <5.50\(abom.8.4\)c0
zyxel | vmg8825-t50k | * | any
zyxel | vmg8623-t50b_firmware | * | <5.50\(abpm.9.2\)c0
zyxel | vmg8623-t50b | * | any
zyxel | vmg4005-b60a_firmware | * | <5.17\(abqa.2.2\)c0
zyxel | vmg4005-b60a | * | any
zyxel | vmg4005-b50a_firmware | * | <5.17\(abqa.2.2\)c0
zyxel | vmg4005-b50a | * | any
zyxel | vmg3927-t50k_firmware | * | <5.50\(abom.8.4\)c0
zyxel | vmg3927-t50k | * | any
zyxel | vmg3625-t50b_firmware | * | <5.50\(abpm.9.2\)c0
zyxel | vmg3625-t50b | * | any
zyxel | emg5723-t50k_firmware | * | <5.50\(abom.8.4\)c0
zyxel | emg5723-t50k | * | any
zyxel | emg5523-t50b_firmware | * | <5.50\(abpm.9.2\)c0
zyxel | emg5523-t50b | * | any
zyxel | emg3525-t50b_firmware | * | <5.50\(abpm.9.2\)c0
zyxel | emg3525-t50b | * | any
zyxel | ex7710-b0_firmware | * | <5.18\(acak.1\)c1
zyxel | ex7710-b0 | * | any
zyxel | ex7501-b0_firmware | * | <5.18\(achn.1.2\)c0
zyxel | ex7501-b0 | * | any
zyxel | ex5601-t1_firmware | * | <5.70\(acdz.3.2\)c0
zyxel | ex5601-t1 | * | any
zyxel | ex5601-t0_firmware | * | <5.70\(acdz.3.2\)c0
zyxel | ex5601-t0 | * | any
zyxel | ex5512-t0_firmware | * | <5.70\(aceg.3\)c2
zyxel | ex5512-t0 | * | any
zyxel | ex5510-b0_firmware | * | <5.17\(abqx.10\)c0
zyxel | ex5510-b0 | * | any
zyxel | ex5401-b1_firmware | * | <5.17\(abyo.6.2\)c0
zyxel | ex5401-b1 | * | any
zyxel | ex5401-b0_firmware | * | <5.17\(abyo.6.2\)c0
zyxel | ex5401-b0 | * | any
zyxel | ex3600-t0_firmware | * | <5.70\(acif.0.3\)c0
zyxel | ex3600-t0 | * | any
zyxel | ex3510-b1_firmware | * | <5.17\(abup.12\)c0
zyxel | ex3510-b1 | * | any
zyxel | ex3510-b0_firmware | * | <5.17\(abup.12\)c0
zyxel | ex3510-b0 | * | any
zyxel | ex3501-t0_firmware | * | <5.44\(achr.2\)c0
zyxel | ex3501-t0 | * | any
zyxel | ex3500-t0_firmware | * | <5.44\(achr.2\)c0
zyxel | ex3500-t0 | * | any
zyxel | ex3301-t0_firmware | * | <5.50\(abvy.5.3\)c0
zyxel | ex3301-t0 | * | any
zyxel | ex3300-t1_firmware | * | <5.50\(abvy.5.3\)c0
zyxel | ex3300-t1 | * | any
zyxel | ex3300-t0_firmware | * | <5.50\(abvy.5.3\)c0
zyxel | ex3300-t0 | * | any
zyxel | dx5401-b1_firmware | * | <5.17\(abyo.6.2\)c0
zyxel | dx5401-b1 | * | any
zyxel | dx5401-b0_firmware | * | <5.17\(abyo.6.2\)c0
zyxel | dx5401-b0 | * | any
zyxel | dx4510-b1_firmware | * | <5.17\(abyl.7\)c0
zyxel | dx4510-b1 | * | any
zyxel | dx4510-b0_firmware | * | <5.17\(abyl.7\)c0
zyxel | dx4510-b0 | * | any
zyxel | dx3301-t0_firmware | * | <5.50\(abvy.5.3\)c0
zyxel | dx3301-t0 | * | any
zyxel | dx3300-t1_firmware | * | <5.50\(abvy.5.3\)c0
zyxel | dx3300-t1 | * | any
zyxel | dx3300-t0_firmware | * | <5.50\(abvy.5.3\)c0
zyxel | dx3300-t0 | * | any

References 1

  • zyxel.com https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.