Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for lte3301-plus_firmware by zyxel

    CVE-2025-13942 (GCVE-0-2025-13942)

    Vulnerability from nvd – Published: 2026-02-24 02:32 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel EX3510-B0 firmware Affected: <= 5.17(ABUP.15.1)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T04:55:38.008415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:10.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EX3510-B0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.17(ABUP.15.1)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."
                }
              ],
              "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T02:32:18.934Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-13942",
        "datePublished": "2026-02-24T02:32:18.934Z",
        "dateReserved": "2025-12-03T05:28:13.264Z",
        "dateUpdated": "2026-02-26T14:44:10.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11847 (GCVE-0-2025-11847)

    Vulnerability from nvd – Published: 2026-02-24 02:09 – Updated: 2026-02-24 20:27
    VLAI
    Summary
    A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T20:26:59.137888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T20:27:08.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABPM.9.6)C0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WX3100-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVL.4.8)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel\u0026nbsp;VMG3625-T50B firmware versions through\u0026nbsp;5.50(ABPM.9.6)C0 and the Zyxel\u0026nbsp;WX3100-T0 firmware versions through\u0026nbsp;5.50(ABVL.4.8)C0\u0026nbsp;could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
                }
              ],
              "value": "A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel\u00a0VMG3625-T50B firmware versions through\u00a05.50(ABPM.9.6)C0 and the Zyxel\u00a0WX3100-T0 firmware versions through\u00a05.50(ABVL.4.8)C0\u00a0could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T02:09:44.684Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-11847",
        "datePublished": "2026-02-24T02:09:44.684Z",
        "dateReserved": "2025-10-16T09:31:02.578Z",
        "dateUpdated": "2026-02-24T20:27:08.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11846 (GCVE-0-2025-11846)

    Vulnerability from nvd – Published: 2026-02-24 01:37 – Updated: 2026-02-24 16:09
    VLAI
    Summary
    A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11846",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:07:02.451080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:09:10.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABPM.9.6)C0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WX3100-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVL.4.8)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware\u0026nbsp;versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
                }
              ],
              "value": "A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware\u00a0versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T01:37:57.257Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-11846",
        "datePublished": "2026-02-24T01:37:57.257Z",
        "dateReserved": "2025-10-16T09:31:00.608Z",
        "dateUpdated": "2026-02-24T16:09:10.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11845 (GCVE-0-2025-11845)

    Vulnerability from nvd – Published: 2026-02-24 01:30 – Updated: 2026-02-24 16:12
    VLAI
    Summary
    A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11845",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:11:24.322811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:12:02.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABPM.9.6)C0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WX3100-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVL.4.8)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
                }
              ],
              "value": "A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T01:30:50.433Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-11845",
        "datePublished": "2026-02-24T01:30:50.433Z",
        "dateReserved": "2025-10-16T09:30:58.346Z",
        "dateUpdated": "2026-02-24T16:12:02.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6599 (GCVE-0-2025-6599)

    Vulnerability from nvd – Published: 2025-11-18 01:19 – Updated: 2025-11-18 16:35
    VLAI
    Summary
    An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel DX3301-T0 firmware Affected: <= 5.50(ABVY.6.3)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:06.732705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:31.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DX3301-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVY.6.3)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris\u2011style denial\u2011of\u2011service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.\u003cbr\u003e"
                }
              ],
              "value": "An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris\u2011style denial\u2011of\u2011service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T01:19:47.163Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-6599",
        "datePublished": "2025-11-18T01:19:47.163Z",
        "dateReserved": "2025-06-25T02:16:25.675Z",
        "dateUpdated": "2025-11-18T16:35:31.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8748 (GCVE-0-2024-8748)

    Vulnerability from nvd – Published: 2024-12-03 01:15 – Updated: 2024-12-03 16:31
    VLAI
    Summary
    A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel VMG8825-T50K firmware Affected: <= V5.50(ABOM.8.4)C0
    Create a notification for this product.
    zyxel vmg8825-t50k_firmware Affected: 0 , ≤ 5.50\(abom.8.4\)c0 (custom)
        cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte3301-plus_firmware Affected: 0 , ≤ 1.00\(abqu.5\)c0 (custom)
        cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte5388-m804_firmware Affected: 0 , ≤ 1.00\(absq.4\)c0 (custom)
        cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte5398-m904_firmware Affected: 0 , ≤ 1.00\(abqv.4\)c0 (custom)
        cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte7480-m804_firmware Affected: 0 , ≤ 1.00\(abra.9\)c0 (custom)
        cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte7490-m904_firmware Affected: 0 , ≤ 1.00\(abqy.8\)c0 (custom)
        cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nr7101_firmware Affected: 0 , ≤ 1.00\(abuv.10\)c0 (custom)
        cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nr7102_firmware Affected: 0 , ≤ v1.00\(abyd.3\)c0 (custom)
        cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nebula_nr5101_firmware Affected: 0 , < 1.16\(accg.0\)c0 (custom)
        cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nebula_nr7101_firmware Affected: 0 , ≤ 1.16\(accc.0\)c0 (custom)
        cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nebula_lte3301-plus_firmware Affected: 0 , ≤ 1.18\(acca.4\)c0 (custom)
        cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx3300-t0_firmware Affected: 0 , ≤ 5.50\(abvy.5.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx3300-t1_firmware Affected: 0 , ≤ 5.50(abvy.5.3)c0 (custom)
        cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx3301-t0_firmware Affected: 0 , ≤ 5.50\(abvy.5.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx4510-b0_firmware Affected: 0 , ≤ 5.17\(abyl.7\)c0 (custom)
        cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx4510-b1_firmware Affected: 0 , ≤ 5.17\(abyl.7\)c0 (custom)
        cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx5401-b0_firmware Affected: 0 , ≤ 5.17\(abyo.6.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx5401_b1_firmware Affected: 0 , ≤ 5.17\(abyo.6.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ee6510-10_firmware Affected: 0 , ≤ 5.19\(acjq.0\)c0 (custom)
        cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ex2210-t0_firmware Affected: 0 , ≤ 5.50\(acdi.1\)c0 (custom)
        cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx3100-t0_firmware Affected: 0 , ≤ 5.50\(abvl.4.3\)c0 (custom)
        cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx3401-b0_firmware Affected: 0 , ≤ 5.17\(abve.2.5\)c0 (custom)
        cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx3401-b1_firmware Affected: 0 , ≤ 5.17(abve.2.5)c0 (custom)
        cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx5600-t0_firmware Affected: 0 , ≤ 5.70\(aceb.3.2\)c0 (custom)
        cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx5610-b0_firmware Affected: 0 , ≤ 5.18\(acgj.0\)c2 (custom)
        cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ax7501-b0_firmware Affected: 0 , ≤ 5.17\(abpc.5.2\)c0 (custom)
        cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ax7501-b1_firmware Affected: 0 , ≤ 5.17\(abpc.5.2\)c0 (custom)
        cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm3100-t0_firmware Affected: 0 , ≤ 5.42(acbf.2.1)c0 (custom)
        cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm5100-t0_firmware Affected: 0 , ≤ 5.42\(acbf.2.1\)c0 (custom)
        cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm7300-t0_firmware Affected: 0 , ≤ 5.42\(abyy.2.2\)c0 (custom)
        cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm7500-t0_firmware Affected: 0 , ≤ 5.61\(ackk.0\)c0 (custom)
        cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel px3321-t1_firmware Affected: 0 , ≤ 5.44\(acjb.1\)c0 (custom)
    Affected: 0 , ≤ 5.44\(achk.0.2\)c0 (custom)
        cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel px5301-t0_firmware Affected: 0 , ≤ 5.44\(ackb.0\)c0 (custom)
        cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vmg8825-t50k_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abom.8.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte3301-plus_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abqu.5\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte5388-m804_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(absq.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte5398-m904_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abqv.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte7480-m804_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abra.9\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte7490-m904_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abqy.8\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nr7101_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abuv.10\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nr7102_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "v1.00\\(abyd.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nebula_nr5101_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThan": "1.16\\(accg.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nebula_nr7101_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.16\\(accc.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nebula_lte3301-plus_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18\\(acca.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx3300-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx3300-t1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50(abvy.5.3)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx3301-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx4510-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyl.7\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx4510-b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyl.7\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx5401-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx5401_b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ee6510-10_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.19\\(acjq.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex2210-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(acdi.1\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx3100-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abvl.4.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx3401-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abve.2.5\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx3401-b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17(abve.2.5)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx5600-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.70\\(aceb.3.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx5610-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.18\\(acgj.0\\)c2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax7501-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax7501-b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm3100-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.42(acbf.2.1)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm5100-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.42\\(acbf.2.1\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm7300-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.42\\(abyy.2.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm7500-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.61\\(ackk.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "px3321-t1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.44\\(acjb.1\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.44\\(achk.0.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "px5301-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.44\\(ackb.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T14:40:11.917455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T16:31:58.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG8825-T50K firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= V5.50(ABOM.8.4)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
                }
              ],
              "value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T01:34:18.062Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2024-8748",
        "datePublished": "2024-12-03T01:15:46.610Z",
        "dateReserved": "2024-09-12T07:51:38.916Z",
        "dateUpdated": "2024-12-03T16:31:58.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0816 (GCVE-0-2024-0816)

    Vulnerability from nvd – Published: 2024-05-21 01:29 – Updated: 2024-08-01 18:18
    VLAI
    Summary
    The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel DX3300-T1 firmware Affected: V5.50(ABVY.4)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:09:28.440350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:58:43.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:18.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DX3300-T1 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.50(ABVY.4)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
                }
              ],
              "value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T01:29:00.883Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2024-0816",
        "datePublished": "2024-05-21T01:29:00.883Z",
        "dateReserved": "2024-01-23T01:35:49.705Z",
        "dateUpdated": "2024-08-01T18:18:18.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43392 (GCVE-0-2022-43392)

    Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2024-11-27 17:13
    VLAI
    Summary
    A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Zyxel NR7101 firmware Affected: < V1.15(ACCC.3)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:58.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-08T21:00:52.401931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T17:13:31.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NR7101 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c V1.15(ACCC.3)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\u003c/p\u003e"
                }
              ],
              "value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T06:51:13.677Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-43392",
        "datePublished": "2023-01-11T00:00:00.000Z",
        "dateReserved": "2022-10-18T00:00:00.000Z",
        "dateUpdated": "2024-11-27T17:13:31.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43391 (GCVE-0-2022-43391)

    Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2024-10-15 17:12
    VLAI
    Summary
    A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Zyxel NR7101 firmware Affected: < V1.15(ACCC.3)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:58.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:12.473207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:12:34.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NR7101 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c V1.15(ACCC.3)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T06:50:37.887Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-43391",
        "datePublished": "2023-01-11T00:00:00.000Z",
        "dateReserved": "2022-10-18T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:12:34.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35036 (GCVE-0-2021-35036)

    Vulnerability from nvd – Published: 2022-03-01 06:20 – Updated: 2024-08-04 00:33
    VLAI
    Summary
    A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel VMG3625-T50B firmware Affected: V5.50(ABTL.0)b2k
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:49.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.50(ABTL.0)b2k"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-27T13:19:55.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2021-35036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMG3625-T50B firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V5.50(ABTL.0)b2k"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-312: Cleartext Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2021-35036",
        "datePublished": "2022-03-01T06:20:12.000Z",
        "dateReserved": "2021-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:33:49.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-13942 (GCVE-0-2025-13942)

    Vulnerability from cvelistv5 – Published: 2026-02-24 02:32 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel EX3510-B0 firmware Affected: <= 5.17(ABUP.15.1)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T04:55:38.008415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:10.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EX3510-B0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.17(ABUP.15.1)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."
                }
              ],
              "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T02:32:18.934Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-13942",
        "datePublished": "2026-02-24T02:32:18.934Z",
        "dateReserved": "2025-12-03T05:28:13.264Z",
        "dateUpdated": "2026-02-26T14:44:10.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11847 (GCVE-0-2025-11847)

    Vulnerability from cvelistv5 – Published: 2026-02-24 02:09 – Updated: 2026-02-24 20:27
    VLAI
    Summary
    A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T20:26:59.137888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T20:27:08.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABPM.9.6)C0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WX3100-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVL.4.8)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel\u0026nbsp;VMG3625-T50B firmware versions through\u0026nbsp;5.50(ABPM.9.6)C0 and the Zyxel\u0026nbsp;WX3100-T0 firmware versions through\u0026nbsp;5.50(ABVL.4.8)C0\u0026nbsp;could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
                }
              ],
              "value": "A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel\u00a0VMG3625-T50B firmware versions through\u00a05.50(ABPM.9.6)C0 and the Zyxel\u00a0WX3100-T0 firmware versions through\u00a05.50(ABVL.4.8)C0\u00a0could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T02:09:44.684Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-11847",
        "datePublished": "2026-02-24T02:09:44.684Z",
        "dateReserved": "2025-10-16T09:31:02.578Z",
        "dateUpdated": "2026-02-24T20:27:08.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11846 (GCVE-0-2025-11846)

    Vulnerability from cvelistv5 – Published: 2026-02-24 01:37 – Updated: 2026-02-24 16:09
    VLAI
    Summary
    A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11846",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:07:02.451080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:09:10.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABPM.9.6)C0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WX3100-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVL.4.8)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware\u0026nbsp;versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
                }
              ],
              "value": "A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware\u00a0versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T01:37:57.257Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-11846",
        "datePublished": "2026-02-24T01:37:57.257Z",
        "dateReserved": "2025-10-16T09:31:00.608Z",
        "dateUpdated": "2026-02-24T16:09:10.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11845 (GCVE-0-2025-11845)

    Vulnerability from cvelistv5 – Published: 2026-02-24 01:30 – Updated: 2026-02-24 16:12
    VLAI
    Summary
    A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11845",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:11:24.322811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:12:02.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABPM.9.6)C0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WX3100-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVL.4.8)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
                }
              ],
              "value": "A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T01:30:50.433Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-11845",
        "datePublished": "2026-02-24T01:30:50.433Z",
        "dateReserved": "2025-10-16T09:30:58.346Z",
        "dateUpdated": "2026-02-24T16:12:02.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6599 (GCVE-0-2025-6599)

    Vulnerability from cvelistv5 – Published: 2025-11-18 01:19 – Updated: 2025-11-18 16:35
    VLAI
    Summary
    An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel DX3301-T0 firmware Affected: <= 5.50(ABVY.6.3)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:06.732705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:31.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DX3301-T0 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 5.50(ABVY.6.3)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris\u2011style denial\u2011of\u2011service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.\u003cbr\u003e"
                }
              ],
              "value": "An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris\u2011style denial\u2011of\u2011service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T01:19:47.163Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2025-6599",
        "datePublished": "2025-11-18T01:19:47.163Z",
        "dateReserved": "2025-06-25T02:16:25.675Z",
        "dateUpdated": "2025-11-18T16:35:31.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8748 (GCVE-0-2024-8748)

    Vulnerability from cvelistv5 – Published: 2024-12-03 01:15 – Updated: 2024-12-03 16:31
    VLAI
    Summary
    A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel VMG8825-T50K firmware Affected: <= V5.50(ABOM.8.4)C0
    Create a notification for this product.
    zyxel vmg8825-t50k_firmware Affected: 0 , ≤ 5.50\(abom.8.4\)c0 (custom)
        cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte3301-plus_firmware Affected: 0 , ≤ 1.00\(abqu.5\)c0 (custom)
        cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte5388-m804_firmware Affected: 0 , ≤ 1.00\(absq.4\)c0 (custom)
        cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte5398-m904_firmware Affected: 0 , ≤ 1.00\(abqv.4\)c0 (custom)
        cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte7480-m804_firmware Affected: 0 , ≤ 1.00\(abra.9\)c0 (custom)
        cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel lte7490-m904_firmware Affected: 0 , ≤ 1.00\(abqy.8\)c0 (custom)
        cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nr7101_firmware Affected: 0 , ≤ 1.00\(abuv.10\)c0 (custom)
        cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nr7102_firmware Affected: 0 , ≤ v1.00\(abyd.3\)c0 (custom)
        cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nebula_nr5101_firmware Affected: 0 , < 1.16\(accg.0\)c0 (custom)
        cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nebula_nr7101_firmware Affected: 0 , ≤ 1.16\(accc.0\)c0 (custom)
        cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel nebula_lte3301-plus_firmware Affected: 0 , ≤ 1.18\(acca.4\)c0 (custom)
        cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx3300-t0_firmware Affected: 0 , ≤ 5.50\(abvy.5.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx3300-t1_firmware Affected: 0 , ≤ 5.50(abvy.5.3)c0 (custom)
        cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx3301-t0_firmware Affected: 0 , ≤ 5.50\(abvy.5.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx4510-b0_firmware Affected: 0 , ≤ 5.17\(abyl.7\)c0 (custom)
        cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx4510-b1_firmware Affected: 0 , ≤ 5.17\(abyl.7\)c0 (custom)
        cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx5401-b0_firmware Affected: 0 , ≤ 5.17\(abyo.6.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel dx5401_b1_firmware Affected: 0 , ≤ 5.17\(abyo.6.3\)c0 (custom)
        cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ee6510-10_firmware Affected: 0 , ≤ 5.19\(acjq.0\)c0 (custom)
        cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ex2210-t0_firmware Affected: 0 , ≤ 5.50\(acdi.1\)c0 (custom)
        cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx3100-t0_firmware Affected: 0 , ≤ 5.50\(abvl.4.3\)c0 (custom)
        cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx3401-b0_firmware Affected: 0 , ≤ 5.17\(abve.2.5\)c0 (custom)
        cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx3401-b1_firmware Affected: 0 , ≤ 5.17(abve.2.5)c0 (custom)
        cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx5600-t0_firmware Affected: 0 , ≤ 5.70\(aceb.3.2\)c0 (custom)
        cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel wx5610-b0_firmware Affected: 0 , ≤ 5.18\(acgj.0\)c2 (custom)
        cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ax7501-b0_firmware Affected: 0 , ≤ 5.17\(abpc.5.2\)c0 (custom)
        cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel ax7501-b1_firmware Affected: 0 , ≤ 5.17\(abpc.5.2\)c0 (custom)
        cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm3100-t0_firmware Affected: 0 , ≤ 5.42(acbf.2.1)c0 (custom)
        cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm5100-t0_firmware Affected: 0 , ≤ 5.42\(acbf.2.1\)c0 (custom)
        cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm7300-t0_firmware Affected: 0 , ≤ 5.42\(abyy.2.2\)c0 (custom)
        cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel pm7500-t0_firmware Affected: 0 , ≤ 5.61\(ackk.0\)c0 (custom)
        cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel px3321-t1_firmware Affected: 0 , ≤ 5.44\(acjb.1\)c0 (custom)
    Affected: 0 , ≤ 5.44\(achk.0.2\)c0 (custom)
        cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    zyxel px5301-t0_firmware Affected: 0 , ≤ 5.44\(ackb.0\)c0 (custom)
        cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vmg8825-t50k_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abom.8.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte3301-plus_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abqu.5\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte5388-m804_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(absq.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte5398-m904_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abqv.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte7480-m804_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abra.9\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lte7490-m904_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abqy.8\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nr7101_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.00\\(abuv.10\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nr7102_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "v1.00\\(abyd.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nebula_nr5101_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThan": "1.16\\(accg.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nebula_nr7101_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.16\\(accc.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nebula_lte3301-plus_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18\\(acca.4\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx3300-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx3300-t1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50(abvy.5.3)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx3301-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx4510-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyl.7\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx4510-b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyl.7\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx5401-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dx5401_b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ee6510-10_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.19\\(acjq.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex2210-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(acdi.1\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx3100-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.50\\(abvl.4.3\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx3401-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abve.2.5\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx3401-b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17(abve.2.5)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx5600-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.70\\(aceb.3.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wx5610-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.18\\(acgj.0\\)c2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax7501-b0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax7501-b1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm3100-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.42(acbf.2.1)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm5100-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.42\\(acbf.2.1\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm7300-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.42\\(abyy.2.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pm7500-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.61\\(ackk.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "px3321-t1_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.44\\(acjb.1\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.44\\(achk.0.2\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "px5301-t0_firmware",
                "vendor": "zyxel",
                "versions": [
                  {
                    "lessThanOrEqual": "5.44\\(ackb.0\\)c0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T14:40:11.917455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T16:31:58.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VMG8825-T50K firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= V5.50(ABOM.8.4)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
                }
              ],
              "value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-03T01:34:18.062Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2024-8748",
        "datePublished": "2024-12-03T01:15:46.610Z",
        "dateReserved": "2024-09-12T07:51:38.916Z",
        "dateUpdated": "2024-12-03T16:31:58.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0816 (GCVE-0-2024-0816)

    Vulnerability from cvelistv5 – Published: 2024-05-21 01:29 – Updated: 2024-08-01 18:18
    VLAI
    Summary
    The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel DX3300-T1 firmware Affected: V5.50(ABVY.4)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:09:28.440350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:58:43.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:18.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DX3300-T1 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.50(ABVY.4)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
                }
              ],
              "value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T01:29:00.883Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2024-0816",
        "datePublished": "2024-05-21T01:29:00.883Z",
        "dateReserved": "2024-01-23T01:35:49.705Z",
        "dateUpdated": "2024-08-01T18:18:18.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43392 (GCVE-0-2022-43392)

    Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2024-11-27 17:13
    VLAI
    Summary
    A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Zyxel NR7101 firmware Affected: < V1.15(ACCC.3)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:58.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-08T21:00:52.401931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T17:13:31.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NR7101 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c V1.15(ACCC.3)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\u003c/p\u003e"
                }
              ],
              "value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T06:51:13.677Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-43392",
        "datePublished": "2023-01-11T00:00:00.000Z",
        "dateReserved": "2022-10-18T00:00:00.000Z",
        "dateUpdated": "2024-11-27T17:13:31.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43391 (GCVE-0-2022-43391)

    Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2024-10-15 17:12
    VLAI
    Summary
    A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Zyxel NR7101 firmware Affected: < V1.15(ACCC.3)C0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:58.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:12.473207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:12:34.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NR7101 firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c V1.15(ACCC.3)C0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T06:50:37.887Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2022-43391",
        "datePublished": "2023-01-11T00:00:00.000Z",
        "dateReserved": "2022-10-18T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:12:34.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35036 (GCVE-0-2021-35036)

    Vulnerability from cvelistv5 – Published: 2022-03-01 06:20 – Updated: 2024-08-04 00:33
    VLAI
    Summary
    A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zyxel VMG3625-T50B firmware Affected: V5.50(ABTL.0)b2k
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:33:49.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMG3625-T50B firmware",
              "vendor": "Zyxel",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.50(ABTL.0)b2k"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-27T13:19:55.000Z",
            "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
            "shortName": "Zyxel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zyxel.com.tw",
              "ID": "CVE-2021-35036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMG3625-T50B firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V5.50(ABTL.0)b2k"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zyxel"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-312: Cleartext Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "assignerShortName": "Zyxel",
        "cveId": "CVE-2021-35036",
        "datePublished": "2022-03-01T06:20:12.000Z",
        "dateReserved": "2021-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:33:49.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }