Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-5q23-39rg-fgrp
Vulnerability from github
Published
2024-12-03 03:31
Modified
2024-12-03 03:31
Severity ?
Details
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
{ affected: [], aliases: [ "CVE-2024-8748", ], database_specific: { cwe_ids: [ "CWE-120", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2024-12-03T02:15:17Z", severity: "HIGH", }, details: "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.", id: "GHSA-5q23-39rg-fgrp", modified: "2024-12-03T03:31:27Z", published: "2024-12-03T03:31:27Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8748", }, { type: "WEB", url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
cve-2024-8748
Vulnerability from cvelistv5
Published
2024-12-03 01:15
Modified
2024-12-03 16:31
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG8825-T50K firmware |
Version: <= V5.50(ABOM.8.4)C0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vmg8825-t50k_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.50\\(abom.8.4\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "lte3301-plus_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.00\\(abqu.5\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "lte5388-m804_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.00\\(absq.4\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "lte5398-m904_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.00\\(abqv.4\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "lte7480-m804_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.00\\(abra.9\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "lte7490-m904_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.00\\(abqy.8\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nr7101_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.00\\(abuv.10\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nr7102_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "v1.00\\(abyd.3\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nebula_nr5101_firmware", vendor: "zyxel", versions: [ { lessThan: "1.16\\(accg.0\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nebula_nr7101_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.16\\(accc.0\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nebula_lte3301-plus_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "1.18\\(acca.4\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx3300-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.50\\(abvy.5.3\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx3300-t1_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.50(abvy.5.3)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx3301-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.50\\(abvy.5.3\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx4510-b0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abyl.7\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx4510-b1_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abyl.7\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx5401-b0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abyo.6.3\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dx5401_b1_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abyo.6.3\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ee6510-10_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.19\\(acjq.0\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ex2210-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.50\\(acdi.1\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wx3100-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.50\\(abvl.4.3\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wx3401-b0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abve.2.5\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wx3401-b1_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17(abve.2.5)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wx5600-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.70\\(aceb.3.2\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wx5610-b0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.18\\(acgj.0\\)c2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ax7501-b0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abpc.5.2\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ax7501-b1_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.17\\(abpc.5.2\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pm3100-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.42(acbf.2.1)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pm5100-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.42\\(acbf.2.1\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pm7300-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.42\\(abyy.2.2\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pm7500-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.61\\(ackk.0\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "px3321-t1_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.44\\(acjb.1\\)c0", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "5.44\\(achk.0.2\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "px5301-t0_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.44\\(ackb.0\\)c0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8748", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T14:40:11.917455Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T16:31:58.508Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "VMG8825-T50K firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= V5.50(ABOM.8.4)C0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.", }, ], value: "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T01:34:18.062Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-8748", datePublished: "2024-12-03T01:15:46.610Z", dateReserved: "2024-09-12T07:51:38.916Z", dateUpdated: "2024-12-03T16:31:58.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.