Vulnerabilites related to zyxel - vmg4927-b50a_firmware
cve-2022-26413
Vulnerability from cvelistv5
Published
2022-04-11 12:00
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3312-T20A firmware |
Version: V5.30(ABFX.5)C0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3312-T20A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.30(ABFX.5)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T12:00:19",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-26413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3312-T20A firmware",
"version": {
"version_data": [
{
"version_value": "V5.30(ABFX.5)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.0",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-26413",
"datePublished": "2022-04-11T12:00:19",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9200
Vulnerability from cvelistv5
Published
2024-12-03 01:33
Modified
2024-12-06 04:55
Severity ?
EPSS score ?
Summary
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG4005-B50A firmware |
Version: <= V5.15(ABQA.2.2)C0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:emg6726-b10a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emg6726-b10a_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.13\\(abnp.8\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vmg3927-b50b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg3927-b50b_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.13\\(ably.9\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg4005-b50a_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.15\\(abqa.2.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg4005-b60a_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.15\\(abqa.2.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vmg4005-b50b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg4005-b50b_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.13\\(abrl.5.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:vmg4927-b50a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg4927-b50a_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.13\\(ably.9\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T04:55:23.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMG4005-B50A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= V5.15(ABQA.2.2)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication command injection vulnerability in the \"host\" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
}
],
"value": "A post-authentication command injection vulnerability in the \"host\" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T01:33:47.398Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-9200",
"datePublished": "2024-12-03T01:33:47.398Z",
"dateReserved": "2024-09-26T09:34:37.485Z",
"dateUpdated": "2024-12-06T04:55:23.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8748
Vulnerability from cvelistv5
Published
2024-12-03 01:15
Modified
2024-12-03 16:31
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG8825-T50K firmware |
Version: <= V5.50(ABOM.8.4)C0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmg8825-t50k_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abom.8.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte3301-plus_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqu.5\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte5388-m804_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(absq.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte5398-m904_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqv.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte7480-m804_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte7480-m804_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abra.9\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:lte7490-m904_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lte7490-m904_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abqy.8\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nr7101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nr7101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.00\\(abuv.10\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nr7102_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nr7102_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "v1.00\\(abyd.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_nr5101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_nr5101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThan": "1.16\\(accg.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_nr7101_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_nr7101_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.16\\(accc.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nebula_lte3301-plus_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.18\\(acca.4\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3300-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3300-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3300-t1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3300-t1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50(abvy.5.3)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx3301-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvy.5.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx4510-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx4510-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyl.7\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx4510-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyl.7\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx5401-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:dx5401_b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dx5401_b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abyo.6.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ee6510-10_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ee6510-10_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.19\\(acjq.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ex2210-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ex2210-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(acdi.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.50\\(abvl.4.3\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3401-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abve.2.5\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx3401-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx3401-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17(abve.2.5)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx5600-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.70\\(aceb.3.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:wx5610-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wx5610-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.18\\(acgj.0\\)c2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax7501-b0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:ax7501-b1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax7501-b1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.17\\(abpc.5.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm3100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42(acbf.2.1)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm5100-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42\\(acbf.2.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm7300-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.42\\(abyy.2.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:pm7500-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm7500-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.61\\(ackk.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:px3321-t1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "px3321-t1_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.44\\(acjb.1\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.44\\(achk.0.2\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zyxel:px5301-t0_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "px5301-t0_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "5.44\\(ackb.0\\)c0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:40:11.917455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:31:58.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMG8825-T50K firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= V5.50(ABOM.8.4)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
}
],
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T01:34:18.062Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-8748",
"datePublished": "2024-12-03T01:15:46.610Z",
"dateReserved": "2024-09-12T07:51:38.916Z",
"dateUpdated": "2024-12-03T16:31:58.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26414
Vulnerability from cvelistv5
Published
2022-04-11 12:05
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3312-T20A firmware |
Version: V5.30(ABFX.5)C0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3312-T20A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.30(ABFX.5)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T12:05:11",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-26414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3312-T20A firmware",
"version": {
"version_data": [
{
"version_value": "V5.30(ABFX.5)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.0",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-26414",
"datePublished": "2022-04-11T12:05:11",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-12-03 02:15
Modified
2025-01-21 21:20
Severity ?
Summary
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716746F-4642-4BA8-B1FB-38CBE0FEFE65",
"versionEndExcluding": "1.00\\(abqu.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4814D3A1-C0D4-4573-AD77-C2EE7AC11CB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5388-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A2E6EF-6C66-4D10-8F13-207C102BB403",
"versionEndExcluding": "1.00\\(absq.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E67FFCF7-ECE9-4644-B248-1B6E10AD9398",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5398-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C439774C-3B11-4738-8F57-24AE9190E437",
"versionEndExcluding": "1.00\\(abq.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F90453B8-19FF-4FF3-A167-E1A70E022201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "441D0E0B-3740-41A5-B227-F737C011B935",
"versionEndExcluding": "1.00\\(abra.10\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F271F483-5F07-4305-B674-87C29D59DCBF",
"versionEndExcluding": "1.00\\(abqy.9\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A73FA031-D008-4AFA-AAEB-8DCDAD995B46",
"versionEndExcluding": "1.00\\(abu.11\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90099DBC-0E96-4F19-BEDF-1220A2E054DC",
"versionEndExcluding": "1.00\\(abyd.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EECE4B-3C71-4738-8A95-FDD453D5F077",
"versionEndExcluding": "1.16\\(accg.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F605B8-A892-4119-AB7A-D14CDC5DFC88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16CC26F4-CE74-470D-98B0-CDD57B19DE7E",
"versionEndExcluding": "1.16\\(accc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E09E83F-148C-4598-91A4-9712C198A0D6",
"versionEndExcluding": "1.18\\(acca.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42297A6A-3E50-4E9E-ABF6-58C77F222DC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D2EEEC-58EA-4444-AFBD-8CDA76DE7C30",
"versionEndExcluding": "5.50\\(aby.5.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3E176E-F728-4385-8533-4C694D43898A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C17621-DFBD-43E0-ABCE-31EA1424A95D",
"versionEndExcluding": "5.50\\(aby.5.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2456F691-C182-4BE6-A08F-5E1717366DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F03882BE-6854-4DA0-AE71-E1DF1D9942F0",
"versionEndExcluding": "5.50\\(aby.5.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69CBC66-C2FA-441A-A8DE-DE5ABA996503",
"versionEndExcluding": "5.17\\(abyl.8\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx4510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0338E1C-2509-4510-8C8D-4BD5AEA47D81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD602C-4DB1-4C4C-BC2A-EBD52E4C962C",
"versionEndExcluding": "5.17\\(abyl.8\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14B8FE6B-542A-4EE7-8BD3-7E5547E0BB08",
"versionEndExcluding": "5.17\\(abyo.6.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B632720-75B8-47A7-8694-C27C2CA26D4E",
"versionEndExcluding": "5.17\\(abyo.6.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC2224E-9481-447A-8E1F-0F6BE170323E",
"versionEndExcluding": "5.19\\(acjq.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4AE46D-E374-4224-9A66-4291B6A10C00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2AE02D-5388-434C-956E-D7B326ABF44F",
"versionEndExcluding": "5.50\\(acdi.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex2210-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71E4E6F-357E-4DAA-B7D7-7CF44000F0CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAF5BD1-FA85-47D8-AC74-B89C37673872",
"versionEndExcluding": "5.50\\(aby.5.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "137F8B94-4176-4D9B-8704-28525E7352D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED77538-32BD-41D0-AFB0-B523B1B0D626",
"versionEndExcluding": "5.50\\(aby.5.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F766221F-7478-4E39-B4CD-A2498ACEE754",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FA1F1B-3DAB-4C9A-9EAC-6F73C91C6000",
"versionEndExcluding": "5.50\\(aby.5.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31134E19-A43A-4414-AC4A-A4D3D6D89C3F",
"versionEndExcluding": "5.44\\(achr.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8714EB1B-38E5-4295-AD26-EE13E2161DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B24B63E-44D9-4967-9A25-0845F07466DE",
"versionEndExcluding": "5.44\\(achr.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A98F76BD-0404-46DD-AE6A-EB630FEC8904",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A631CCE-1DBA-45EA-BCAE-35976C74CFB6",
"versionEndExcluding": "5.17\\(abup.13\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F451D2-9058-439C-B065-C635E1833B28",
"versionEndExcluding": "5.17\\(abup.13\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F955BD9-4D44-46BE-8605-51C6250A74D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F55E0C82-22FD-4345-BA36-3A2F29216AD3",
"versionEndExcluding": "5.70\\(acif.0.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BCC6A9-1CAE-459D-BE7D-AAB956BD1B92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08F959D0-DAF0-4D07-811C-54E780ABB35E",
"versionEndExcluding": "5.17\\(abyo.6.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE7E255-C846-4509-A6CE-CBC50C0E5EE5",
"versionEndExcluding": "5.17\\(abyo.6.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7213FA12-5CD6-4E9B-8387-A52AEF17EA10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F887CE60-20C2-4301-B515-5C14C9C8D805",
"versionEndExcluding": "5.17\\(abry.5.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "568E5F9E-EFFE-4D1B-B06B-EED70C27985B",
"versionEndExcluding": "5.17\\(abqx.11\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2177DB8F-097F-438C-9B0F-E4A14540A89D",
"versionEndExcluding": "5.70\\(aceg4.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5600-t1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF44159-2967-4DDD-8AD8-DE16871899D7",
"versionEndExcluding": "5.70\\(acdz.3.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "021CFB91-4627-4080-BF09-0BB5EFA708DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F04ACC-EED8-4800-BA30-3FC704AF5D6C",
"versionEndExcluding": "5.70\\(acdz.3.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFF2039-5DCC-4850-8BDA-3D418629C226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "435327F5-1A4D-46BA-B572-0771BAD3215F",
"versionEndExcluding": "5.70\\(acdz.3.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D629D4B6-B2F2-45F1-9295-71751570C231",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "116A0A50-6379-4D72-8059-4D74FA208140",
"versionEndExcluding": "5.18\\(achn.1.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE049DE-A5DA-4A4F-BA30-BBD09FF34DE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19EE58DA-A323-4BE1-A761-5E2C94F8A2A6",
"versionEndExcluding": "5.18\\(acak.1.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07727D9C-723B-4761-B6B6-07FE1784D3C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B992C7F8-F4DF-4426-ACFE-B1EF7DB26E53",
"versionEndExcluding": "5.50\\(abpm.9.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D83C92-EE57-48F4-B532-FC13657D0F37",
"versionEndExcluding": "5.50\\(abpm.9.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "131D1D3D-382A-4563-B608-3848AACDF8A0",
"versionEndExcluding": "5.50\\(abom.8.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "593C78E3-E459-4519-9313-FAA93315A6C8",
"versionEndExcluding": "5.13\\(abnp.8\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC43957D-D4F5-4D72-9876-C2796F9714CD",
"versionEndExcluding": "5.50\\(abpm.9.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1009022D-5033-47D2-B310-5B0C42CA3F69",
"versionEndExcluding": "5.13\\(ably.9\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BE349D-EC30-4EB7-8B68-EA7223364A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5030BD1-0653-4431-87B9-07CA0C1FDE33",
"versionEndExcluding": "5.50\\(abom.8.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEB980C-00C4-45DB-A2C1-64F3BB69DF54",
"versionEndExcluding": "5.15\\(abqa.2.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F74228-AC0C-4150-974D-54D77BBF9A90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD035A19-15E2-4740-A264-11D0E30777A2",
"versionEndExcluding": "5.15\\(abqa.2.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C1B91D-3EA0-4A1D-833A-6767A6C84DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8696573D-D3FF-4CAB-B6C0-743B8AAA20AE",
"versionEndExcluding": "5.13\\(abrl.5.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36B2A37B-0662-43E7-AEB4-DF0C5A30A95F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D62F49F-1E1B-4E6E-A72A-1DEC917E21DC",
"versionEndExcluding": "5.13\\(ably.9\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "916BC802-CBB6-43FE-91D2-76EFA752481C",
"versionEndExcluding": "5.50\\(abpm.9.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0D8789-938A-475D-B105-64B225BABD97",
"versionEndExcluding": "5.50\\(abom.8.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EEC4924-34DB-4AFB-8CEF-0ABBAFFD0E0B",
"versionEndExcluding": "5.50\\(abpy.1\\)b26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F525A6F3-7510-47EF-AD60-A05214BEAFF8",
"versionEndExcluding": "5.17\\(abpc.5.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77887B8D-E582-41FC-8ED5-11D631C5A062",
"versionEndExcluding": "5.17\\(abpc.5.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "780BBA7D-7E2C-4624-AA15-8A51F3DF428F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm3100-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804D1F95-0D82-4052-98C6-996DBB94BB48",
"versionEndExcluding": "5.42\\(acbf.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F78F88D4-A782-4075-A3CB-A728CE4014DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm5100-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D7006F-2710-4A4E-958B-F707865D942A",
"versionEndExcluding": "5.42\\(acbf.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "249AF476-CAA4-4C87-8CC3-E0AF15E61F7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E85316-F791-4789-AA88-DE1D5E9E62A0",
"versionEndExcluding": "5.42\\(abyy.2.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7500-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E49610-E756-42B8-8C0C-438A587EB8DB",
"versionEndExcluding": "5.61\\(ackk.0.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7500-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09F7FD2C-ED57-4EB4-9EB7-DE2F376FD858",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A23D6389-D322-4EC0-847A-488B735CE373",
"versionEndExcluding": "5.44\\(acjb.1.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB525DE-2E08-4848-976E-7DF6C7E19578",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DBE5D0-F363-4EDA-8CE9-14F2B2B0C19D",
"versionEndExcluding": "5.44\\(achk.0.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB525DE-2E08-4848-976E-7DF6C7E19578",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2213D90C-25CE-4A61-8479-1BC87DF35A80",
"versionEndExcluding": "5.44\\(ackb.0.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBB4C27-DAEB-4297-98DC-3B22353B5184",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D3A977-B98F-4626-8C3A-D830F5355D85",
"versionEndExcluding": "5.50\\(abl.4.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C56248-D12F-46DC-A52F-0607E4A5DCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "801684BD-8E4B-4881-9052-0116734FFB66",
"versionEndExcluding": "5.17\\(abe.2.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "677C554B-F9C7-4780-97C0-6021146F8B3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3401-b1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23166E44-D53C-4410-B50D-9C7C10B1D7E8",
"versionEndExcluding": "5.17\\(abe.2.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3401-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C8FB13-CBCF-4A74-8DFD-874B9A990577",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F48FFD6-108C-459D-96D8-5ABE4F10681A",
"versionEndExcluding": "5.70\\(aceb.3.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx5610-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3280237A-C025-4324-8747-39EE5D697327",
"versionEndExcluding": "5.18\\(acgj0.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx5610-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88909887-E078-4EC5-BA49-2EFCABF1EB1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el analizador de paquetes de la librer\u00eda de terceros \"libclinkc\" en las versiones de firmware Zyxel VMG8825-T50K hasta V5.50(ABOM.8.4)C0 podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) temporal contra la interfaz de administraci\u00f3n web al enviar una solicitud HTTP POST manipulada a un dispositivo vulnerable."
}
],
"id": "CVE-2024-8748",
"lastModified": "2025-01-21T21:20:19.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
},
"published": "2024-12-03T02:15:17.620",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 13:15
Modified
2024-11-21 06:53
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\\(abfx.5\\)c0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF433563-7AA7-41BF-9ECF-F1E1B9C5C1C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AF3952-10E9-4AC8-BA25-BA5C3C203063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "FE982B82-95DD-40FA-8A7E-F6EB44323692",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "EB52E6B4-08EF-4427-AA01-E783C9F1FCF4",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "A48A0914-787A-4884-909E-3332DD472873",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "1B417B43-F5C6-4551-BD4E-7E2706BCF8B9",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAE1EA0-A113-4324-8347-838A01B00437",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D931985-C10C-41C4-B459-FC454DE8C9FA",
"versionEndExcluding": "5.13\\(abnp.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5252A997-772F-4785-8440-B7909A9860A8",
"versionEndExcluding": "5.50\\(absb.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37348176-08FD-40F0-9903-05ABABBB1F5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "331ACFBC-2467-45CC-82A3-717C93D34D02",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291B5E34-3870-46DD-9A74-2D2FFD1B6E52",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F814684F-D45D-4EF8-A294-A6122B7A760B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D55734D-F4F4-4C97-BC31-7B532DA47EA9",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BE349D-EC30-4EB7-8B68-EA7223364A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4293E4-AE61-4978-A750-D5FAF442D67B",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99C11501-33FD-4421-909E-E6533EF6F03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8201B9D7-433E-4D79-9115-FA1F25223121",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543081DE-AEC8-4658-AAE4-63EE1A261645",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24F15A-1F77-413C-9BD1-CFBE890ACD31",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDACBF89-DCA8-43F0-91BF-8A29E63B33BD",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED88F55C-C687-4413-BEC8-DEB15D6AA2F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B10EC6-E8B2-4619-8F9D-10516569B806",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D66B624-EAAA-4C2D-BBE6-D0A0ED6BD5F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0933D98-49F6-4B0F-9D04-2149BFB7FB7F",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502EBC83-0E8D-4B13-BA0D-040B40C58A1D",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7654E872-36CA-4502-9B91-01741D6E4F46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B963909-27C2-43A6-9479-EE2F863FC817",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6368C175-7D1B-4F70-B11F-B8CE7FBE0B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81E3153A-08CF-4F02-97EA-B68751EE7791",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B19AC3-D417-48C7-8C18-F5516794260B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E58CAE-3737-406F-9647-B59598A6733A",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4861B59F-AB86-4A4D-A04C-6EE68EC4A206",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91B77C-EC30-4C88-AAEB-330B7A3E0470",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6781DA-4800-47E9-BB67-89ACC0F43D04",
"versionEndExcluding": "5.17\\(abup.4\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B44185-756B-4B9B-A377-DB3191606702",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291AA836-D0F7-4AD7-8D76-0F1A5B9ECCCF",
"versionEndExcluding": "5.17\\(abry.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF7BC18-210C-4E21-A850-61A8D6B701BE",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457C1585-BD6F-4C3A-953D-96194EDD065E",
"versionEndExcluding": "5.40\\(abh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91367DDE-F430-42F7-B4F2-28AEF7FDCB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E0639D-0861-4A10-AFA6-8251AD2217BB",
"versionEndExcluding": "5.42\\(acbc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA4B81-5FE7-43D5-8A96-A1BF0CBA8CC6",
"versionEndExcluding": "5.40\\(abki.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53F230A-806F-413B-BE4B-2A95645751DF",
"versionEndExcluding": "5.40\\(abna.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFBE0FC-A355-4E32-A606-4130B2581CE1",
"versionEndExcluding": "5.41\\(acbb.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09514F76-89EC-4ADF-9400-F14BB917EF97",
"versionEndExcluding": "5.40\\(abnb.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C655ED2E-A791-40B7-99C5-FF3F874A2A27",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "076C6AD3-E8A3-4639-805E-20FA866BDFDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el programa CGI del firmware de Zyxel VMG3312-T20A versi\u00f3n 5.30(ABFX.5)C0, podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios del Sistema Operativo en un dispositivo vulnerable por medio de una interfaz LAN"
}
],
"id": "CVE-2022-26413",
"lastModified": "2024-11-21T06:53:54.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T13:15:07.763",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 13:15
Modified
2024-11-21 06:53
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\\(abfx.5\\)c0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF433563-7AA7-41BF-9ECF-F1E1B9C5C1C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AF3952-10E9-4AC8-BA25-BA5C3C203063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "FE982B82-95DD-40FA-8A7E-F6EB44323692",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "EB52E6B4-08EF-4427-AA01-E783C9F1FCF4",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "A48A0914-787A-4884-909E-3332DD472873",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "1B417B43-F5C6-4551-BD4E-7E2706BCF8B9",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAE1EA0-A113-4324-8347-838A01B00437",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D931985-C10C-41C4-B459-FC454DE8C9FA",
"versionEndExcluding": "5.13\\(abnp.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5252A997-772F-4785-8440-B7909A9860A8",
"versionEndExcluding": "5.50\\(absb.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37348176-08FD-40F0-9903-05ABABBB1F5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "331ACFBC-2467-45CC-82A3-717C93D34D02",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291B5E34-3870-46DD-9A74-2D2FFD1B6E52",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F814684F-D45D-4EF8-A294-A6122B7A760B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D55734D-F4F4-4C97-BC31-7B532DA47EA9",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BE349D-EC30-4EB7-8B68-EA7223364A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4293E4-AE61-4978-A750-D5FAF442D67B",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99C11501-33FD-4421-909E-E6533EF6F03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8201B9D7-433E-4D79-9115-FA1F25223121",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543081DE-AEC8-4658-AAE4-63EE1A261645",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24F15A-1F77-413C-9BD1-CFBE890ACD31",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDACBF89-DCA8-43F0-91BF-8A29E63B33BD",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED88F55C-C687-4413-BEC8-DEB15D6AA2F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B10EC6-E8B2-4619-8F9D-10516569B806",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D66B624-EAAA-4C2D-BBE6-D0A0ED6BD5F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0933D98-49F6-4B0F-9D04-2149BFB7FB7F",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502EBC83-0E8D-4B13-BA0D-040B40C58A1D",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7654E872-36CA-4502-9B91-01741D6E4F46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B963909-27C2-43A6-9479-EE2F863FC817",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6368C175-7D1B-4F70-B11F-B8CE7FBE0B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81E3153A-08CF-4F02-97EA-B68751EE7791",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B19AC3-D417-48C7-8C18-F5516794260B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E58CAE-3737-406F-9647-B59598A6733A",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4861B59F-AB86-4A4D-A04C-6EE68EC4A206",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91B77C-EC30-4C88-AAEB-330B7A3E0470",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6781DA-4800-47E9-BB67-89ACC0F43D04",
"versionEndExcluding": "5.17\\(abup.4\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B44185-756B-4B9B-A377-DB3191606702",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291AA836-D0F7-4AD7-8D76-0F1A5B9ECCCF",
"versionEndExcluding": "5.17\\(abry.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF7BC18-210C-4E21-A850-61A8D6B701BE",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457C1585-BD6F-4C3A-953D-96194EDD065E",
"versionEndExcluding": "5.40\\(abh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91367DDE-F430-42F7-B4F2-28AEF7FDCB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E0639D-0861-4A10-AFA6-8251AD2217BB",
"versionEndExcluding": "5.42\\(acbc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA4B81-5FE7-43D5-8A96-A1BF0CBA8CC6",
"versionEndExcluding": "5.40\\(abki.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53F230A-806F-413B-BE4B-2A95645751DF",
"versionEndExcluding": "5.40\\(abna.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFBE0FC-A355-4E32-A606-4130B2581CE1",
"versionEndExcluding": "5.41\\(acbb.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09514F76-89EC-4ADF-9400-F14BB917EF97",
"versionEndExcluding": "5.40\\(abnb.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C655ED2E-A791-40B7-99C5-FF3F874A2A27",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "076C6AD3-E8A3-4639-805E-20FA866BDFDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
},
{
"lang": "es",
"value": "Se ha identificado una potencial vulnerabilidad de desbordamiento de b\u00fafer en algunas funciones internas del firmware de Zyxel VMG3312-T20A versi\u00f3n 5.30(ABFX.5)C0, que podr\u00eda ser aprovechada por un atacante local autenticado para causar una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-26414",
"lastModified": "2024-11-21T06:53:54.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T13:15:07.857",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-03 02:15
Modified
2025-01-21 21:13
Severity ?
Summary
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | emg6726-b10a_firmware | * | |
| zyxel | emg6726-b10a | - | |
| zyxel | vmg3927-b50b_firmware | * | |
| zyxel | vmg3927-b50b | - | |
| zyxel | vmg4005-b50a_firmware | * | |
| zyxel | vmg4005-b50a | - | |
| zyxel | vmg4005-b60a_firmware | * | |
| zyxel | vmg4005-b60a | - | |
| zyxel | vmg4005-b50b_firmware | * | |
| zyxel | vmg4005-b50b | - | |
| zyxel | vmg4927-b50a_firmware | * | |
| zyxel | vmg4927-b50a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "593C78E3-E459-4519-9313-FAA93315A6C8",
"versionEndExcluding": "5.13\\(abnp.8\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1009022D-5033-47D2-B310-5B0C42CA3F69",
"versionEndExcluding": "5.13\\(ably.9\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BE349D-EC30-4EB7-8B68-EA7223364A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEB980C-00C4-45DB-A2C1-64F3BB69DF54",
"versionEndExcluding": "5.15\\(abqa.2.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F74228-AC0C-4150-974D-54D77BBF9A90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD035A19-15E2-4740-A264-11D0E30777A2",
"versionEndExcluding": "5.15\\(abqa.2.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C1B91D-3EA0-4A1D-833A-6767A6C84DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8696573D-D3FF-4CAB-B6C0-743B8AAA20AE",
"versionEndExcluding": "5.13\\(abrl.5.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36B2A37B-0662-43E7-AEB4-DF0C5A30A95F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D62F49F-1E1B-4E6E-A72A-1DEC917E21DC",
"versionEndExcluding": "5.13\\(ably.9\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the \"host\" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos posterior a la autenticaci\u00f3n en el par\u00e1metro \"host\" de la funci\u00f3n de diagn\u00f3stico en las versiones de firmware Zyxel VMG4005-B50A hasta V5.15(ABQA.2.2)C0 podr\u00eda permitir que un atacante autenticado con privilegios de administrador ejecute comandos del sistema operativo (OS) en un dispositivo vulnerable."
}
],
"id": "CVE-2024-9200",
"lastModified": "2025-01-21T21:13:29.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
},
"published": "2024-12-03T02:15:17.913",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Primary"
}
]
}