cnvd - cnvd-2024-46251

cnvd-2024-46251

Vulnerability from cnvd

Title

Zyxel P-6101C授权问题漏洞

Description

Zyxel P-6101C是中国合勤（Zyxel）公司的一款无线路由器。 Zyxel P-6101C存在授权问题漏洞，该漏洞源于身份验证不当。攻击者可利用该漏洞通过特制的HTTP HEAD方法读取某些设备信息。

Severity

高

Formal description

厂商尚未发布漏洞修复程序，请及时关注更新： https://gist.github.com/stevenyu113228/78e0169d2ff110e9a65539eb29660d25

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-11494

Impacted products

Name
ZyXEL p6101c p-6101cs6ap_20140331

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-11494",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-11494"
    }
  },
  "description": "Zyxel P-6101C\u662f\u4e2d\u56fd\u5408\u52e4\uff08Zyxel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nZyxel P-6101C\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684HTTP HEAD\u65b9\u6cd5\u8bfb\u53d6\u67d0\u4e9b\u8bbe\u5907\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://gist.github.com/stevenyu113228/78e0169d2ff110e9a65539eb29660d25",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-46251",
  "openTime": "2024-11-27",
  "products": {
    "product": "ZyXEL p6101c p-6101cs6ap_20140331"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-11494",
  "serverity": "\u9ad8",
  "submitTime": "2024-11-26",
  "title": "Zyxel P-6101C\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2024-11494 (GCVE-0-2024-11494)

Vulnerability from cvelistv5

Published

2024-11-20 09:36

Modified

2024-11-20 14:52

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-287 - Improper Authentication

Summary

**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method.

References

URL

Tags

https://gist.github.com/stevenyu113228/78e0169d2ff110e9a65539eb29660d25

Impacted products

	Vendor	Product	Version
	Zyxel	P-6101C firmware	Version: P-6101CSA6AP_20140331

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:zyxel:p610c_firmware:p-610csa6ap_20140331:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "p610c_firmware",
            "vendor": "zyxel",
            "versions": [
              {
                "status": "affected",
                "version": "p-610csa6ap_20140331"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11494",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T14:47:55.218439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T14:52:28.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "P-6101C firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "P-6101CSA6AP_20140331"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method."
            }
          ],
          "value": "**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-20T09:36:06.694Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "url": "https://gist.github.com/stevenyu113228/78e0169d2ff110e9a65539eb29660d25"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2024-11494",
    "datePublished": "2024-11-20T09:36:06.694Z",
    "dateReserved": "2024-11-20T09:01:34.454Z",
    "dateUpdated": "2024-11-20T14:52:28.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.