Search criteria
14 vulnerabilities found for lte7490-m904_firmware by zyxel
CVE-2024-8748 (GCVE-0-2024-8748)
Vulnerability from nvd – Published: 2024-12-03 01:15 – Updated: 2024-12-03 16:31
VLAI?
Summary
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG8825-T50K firmware |
Affected:
<= V5.50(ABOM.8.4)C0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg8825-t50k_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abom.8.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte3301-plus_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqu.5\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte5388-m804_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(absq.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte5398-m904_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqv.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte7480-m804_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abra.9\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte7490-m904_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqy.8\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nr7101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abuv.10\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nr7102_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "v1.00\\(abyd.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_nr5101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "1.16\\(accg.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_nr7101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.16\\(accc.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_lte3301-plus_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.18\\(acca.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3300-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3300-t1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50(abvy.5.3)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3301-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx4510-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyl.7\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx4510-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyl.7\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx5401-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx5401_b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ee6510-10_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.19\\(acjq.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ex2210-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(acdi.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvl.4.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3401-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abve.2.5\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3401-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17(abve.2.5)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx5600-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.70\\(aceb.3.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx5610-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.18\\(acgj.0\\)c2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax7501-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax7501-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm3100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42(acbf.2.1)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm5100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42\\(acbf.2.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm7300-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42\\(abyy.2.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm7500-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.61\\(ackk.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "px3321-t1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.44\\(acjb.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.44\\(achk.0.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "px5301-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.44\\(ackb.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:40:11.917455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:31:58.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMG8825-T50K firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= V5.50(ABOM.8.4)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
}
],
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T01:34:18.062Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-8748",
"datePublished": "2024-12-03T01:15:46.610Z",
"dateReserved": "2024-09-12T07:51:38.916Z",
"dateUpdated": "2024-12-03T16:31:58.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0816 (GCVE-0-2024-0816)
Vulnerability from nvd – Published: 2024-05-21 01:29 – Updated: 2024-08-01 18:18
VLAI?
Summary
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
Severity ?
5.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | DX3300-T1 firmware |
Affected:
V5.50(ABVY.4)C0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:09:28.440350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:43.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DX3300-T1 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.50(ABVY.4)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
}
],
"value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T01:29:00.883Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-0816",
"datePublished": "2024-05-21T01:29:00.883Z",
"dateReserved": "2024-01-23T01:35:49.705Z",
"dateUpdated": "2024-08-01T18:18:18.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27989 (GCVE-0-2023-27989)
Vulnerability from nvd – Published: 2023-06-05 11:02 – Updated: 2025-01-08 17:19
VLAI?
Summary
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.00(ABUV.8)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:18:25.166457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:19:22.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.00(ABUV.8)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
}
],
"value": "A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T11:02:54.929Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-27989",
"datePublished": "2023-06-05T11:02:54.929Z",
"dateReserved": "2023-03-09T08:44:12.873Z",
"dateUpdated": "2025-01-08T17:19:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43392 (GCVE-0-2022-43392)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2024-11-27 17:13
VLAI?
Summary
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T21:00:52.401931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T17:13:31.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:51:13.677Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43392",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-11-27T17:13:31.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43391 (GCVE-0-2022-43391)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2024-10-15 17:12
VLAI?
Summary
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:12.473207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:12:34.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:50:37.887Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43391",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-10-15T17:12:34.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43390 (GCVE-0-2022-43390)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2025-04-08 20:16
VLAI?
Summary
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Severity ?
5.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:57.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:15:49.379601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:16:36.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43390",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-08T20:16:36.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43389 (GCVE-0-2022-43389)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2025-04-09 13:52
VLAI?
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Severity ?
8.6 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:52:13.858354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:52:22.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43389",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:52:22.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8748 (GCVE-0-2024-8748)
Vulnerability from cvelistv5 – Published: 2024-12-03 01:15 – Updated: 2024-12-03 16:31
VLAI?
Summary
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG8825-T50K firmware |
Affected:
<= V5.50(ABOM.8.4)C0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg8825-t50k_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abom.8.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte3301-plus_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqu.5\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte5388-m804_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(absq.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte5398-m904_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqv.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte7480-m804_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abra.9\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte7490-m904_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqy.8\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nr7101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abuv.10\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nr7102_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "v1.00\\(abyd.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_nr5101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "1.16\\(accg.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_nr7101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.16\\(accc.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_lte3301-plus_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.18\\(acca.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3300-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3300-t1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50(abvy.5.3)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3301-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx4510-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyl.7\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx4510-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyl.7\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx5401-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx5401_b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ee6510-10_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.19\\(acjq.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ex2210-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(acdi.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvl.4.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3401-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abve.2.5\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3401-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17(abve.2.5)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx5600-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.70\\(aceb.3.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx5610-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.18\\(acgj.0\\)c2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax7501-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax7501-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm3100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42(acbf.2.1)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm5100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42\\(acbf.2.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm7300-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42\\(abyy.2.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm7500-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.61\\(ackk.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "px3321-t1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.44\\(acjb.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.44\\(achk.0.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "px5301-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.44\\(ackb.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:40:11.917455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:31:58.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMG8825-T50K firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= V5.50(ABOM.8.4)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
}
],
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T01:34:18.062Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-8748",
"datePublished": "2024-12-03T01:15:46.610Z",
"dateReserved": "2024-09-12T07:51:38.916Z",
"dateUpdated": "2024-12-03T16:31:58.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0816 (GCVE-0-2024-0816)
Vulnerability from cvelistv5 – Published: 2024-05-21 01:29 – Updated: 2024-08-01 18:18
VLAI?
Summary
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
Severity ?
5.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | DX3300-T1 firmware |
Affected:
V5.50(ABVY.4)C0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:09:28.440350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:43.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DX3300-T1 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.50(ABVY.4)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
}
],
"value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T01:29:00.883Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-0816",
"datePublished": "2024-05-21T01:29:00.883Z",
"dateReserved": "2024-01-23T01:35:49.705Z",
"dateUpdated": "2024-08-01T18:18:18.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27989 (GCVE-0-2023-27989)
Vulnerability from cvelistv5 – Published: 2023-06-05 11:02 – Updated: 2025-01-08 17:19
VLAI?
Summary
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.00(ABUV.8)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:18:25.166457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:19:22.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.00(ABUV.8)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
}
],
"value": "A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T11:02:54.929Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2023-27989",
"datePublished": "2023-06-05T11:02:54.929Z",
"dateReserved": "2023-03-09T08:44:12.873Z",
"dateUpdated": "2025-01-08T17:19:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43392 (GCVE-0-2022-43392)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2024-11-27 17:13
VLAI?
Summary
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T21:00:52.401931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T17:13:31.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:51:13.677Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43392",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-11-27T17:13:31.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43391 (GCVE-0-2022-43391)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2024-10-15 17:12
VLAI?
Summary
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:12.473207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:12:34.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:50:37.887Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43391",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-10-15T17:12:34.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43389 (GCVE-0-2022-43389)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2025-04-09 13:52
VLAI?
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Severity ?
8.6 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:52:13.858354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:52:22.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43389",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:52:22.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43390 (GCVE-0-2022-43390)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2025-04-08 20:16
VLAI?
Summary
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Severity ?
5.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:57.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:15:49.379601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:16:36.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43390",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-08T20:16:36.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}