cve-2023-37929
Vulnerability from cvelistv5
Published
2024-05-21 01:23
Modified
2024-08-02 17:23
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
References
security@zyxel.com.twhttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024Vendor Advisory
Impacted products
Vendor Product Version
Zyxel V5.50(ABPM.8)C0 firmware Version: V5.50(ABPM.8)C0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:15:31.555736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T15:16:52.551Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:23:27.734Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "V5.50(ABPM.8)C0 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "V5.50(ABPM.8)C0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
            }
          ],
          "value": "The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T01:23:53.073Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2023-37929",
    "datePublished": "2024-05-21T01:23:53.073Z",
    "dateReserved": "2023-07-11T01:52:33.655Z",
    "dateUpdated": "2024-08-02T17:23:27.734Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-37929\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2024-05-21T02:15:08.470\",\"lastModified\":\"2025-01-22T22:55:02.317\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de desbordamiento del b\u00fafer en el programa CGI de la versi\u00f3n de firmware VMG3625-T50B V5.50(ABPM.8)C0 podr\u00eda permitir que un atacante remoto autenticado cause condiciones de denegaci\u00f3n de servicio (DoS) enviando una solicitud HTTP manipulada a un dispositivo vulnerable.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:dx3300-t1_firmware:5.50\\\\(aby.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39CA06C1-90B9-4426-8FCD-53908911689E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2456F691-C182-4BE6-A08F-5E1717366DCA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:dx3301-t0_firmware:5.50\\\\(aby.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BF144B-4B22-46C2-874E-A2ECD64AB043\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BBDC072-5D40-4130-9B5F-22FDA9BF909A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:dx4510_firmware:5.17\\\\(abyl.5\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5061F56B-7799-4601-BDAF-A3E5A25B903B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:dx4510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48A35F59-2BE4-4BE2-95B2-AE33255BBDA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:dx5401-b0_firmware:5.17\\\\(abyo.5\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0CAE6A8-B04F-42FB-A0D2-D6F5D4622FAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B293E564-2C48-442A-A415-34383DF3ADBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17\\\\(abyo.5\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ED7E7AA-1D08-4CB7-8617-6896C56D68F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50\\\\(abpm.8\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A66CE0FE-27D7-418D-841A-96C5F157A2A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9259E2F6-885D-4B44-8D40-20758DA599D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50\\\\(abpm.8\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D9E74CF-3FFA-4613-9831-152955307178\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3ECE0EB-C429-4716-ABFB-73540847EB9E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg5723-t50k_firmware:5.50\\\\(abom.8.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A66FEC22-82D4-4801-8969-D5D5308622A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18982B2-E575-478E-A2B4-0932DE329056\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex3300-t1_firmware:5.50\\\\(aby.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A90F2DC-861C-47BF-A67F-D6AAB3595AA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F766221F-7478-4E39-B4CD-A2498ACEE754\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex3301-t0_firmware:5.50\\\\(aby.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1DBDF16-C65F-4F78-BB2F-E2EDE827A658\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex3500-t0_firmware:5.44\\\\(achr.0\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1B3F5D6-77F3-41DB-A2F1-D3D66464A598\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8714EB1B-38E5-4295-AD26-EE13E2161DEA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex3501-t0_firmware:5.44\\\\(achr.0\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD2D2A5-0884-4B2A-A969-F48230F6F35D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A98F76BD-0404-46DD-AE6A-EB630FEC8904\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex3510_firmware:5.17\\\\(abup.9\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C0FFCC6-85C3-4BF4-9B03-09B26B2114E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex3510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F2881E-A3FB-40FE-8259-0B69AFA025E0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5401-b0_firmware:5.17\\\\(abyo.5\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"394DBD92-A0F2-483C-9455-5699CBC30C1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5401-b1_firmware:5.17\\\\(abyo.5\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29922C44-EE6B-4204-93AE-A651D7E3F3DA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7213FA12-5CD6-4E9B-8387-A52AEF17EA10\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5501-b0_firmware:5.17\\\\(abry.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8983D127-53E7-45F7-A125-B400AE354D79\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B8CDD0-E73A-4FAA-9964-D8C09949CB32\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5510_firmware:5.17\\\\(abqx.8\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AD3119-F9CB-4775-915B-03D7D2975F61\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469C7BC8-47DB-4B39-9DD5-BB6C5620C488\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5512-t0_firmware:5.70\\\\(aceg.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C26B8D2-7745-4D48-B8DA-3A8DD94DCECD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F32FA3FB-CE89-4CC1-9D8D-765B90A122DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5600-t1_firmware:5.70\\\\(acdz.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0FB1871-0E0C-4262-A0F3-7C9F86803187\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"021CFB91-4627-4080-BF09-0BB5EFA708DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5601-t0_firmware:5.70\\\\(acdz.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C601F782-6040-4CE3-AE17-46740DADFA68\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABFF2039-5DCC-4850-8BDA-3D418629C226\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5601-t1_firmware:5.70\\\\(acdz.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2611F0F9-CE8D-4DA9-B88F-213DF947983D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D629D4B6-B2F2-45F1-9295-71751570C231\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex7710-b0_firmware:5.18\\\\(acak.0\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAE3F3CA-CCE5-4894-BEC0-5D06D2F3D806\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07727D9C-723B-4761-B6B6-07FE1784D3C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50\\\\(abpm.8\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8ACC3B-6A8E-4380-A621-551D64ADDB35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5E8468-D12F-4CBE-AC7E-27D5A928A85A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3927-t50k_firmware:5.50\\\\(abom.8.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7E4B285-39A7-4B20-8F7C-C1FCCEC45879\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B33AE56-3948-494B-9E23-54D939DF0D3E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50\\\\(abpm.8\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63727E2F-DBDC-490B-81C7-3E6C4B640694\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3535B63-318C-4EB5-ADC8-0AF3FB443DFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8825-t50k_firmware:5.50\\\\(abom.8.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"904EDFD7-FB8E-4E4F-AFD6-C8153C99B9CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C2320B-52DF-4F86-86D2-42FB62337773\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ax7501-b0_firmware:5.17\\\\(abpc.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADBFF951-7503-45B3-838D-5CEFC1E22303\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78473083-F702-4B81-AAA0-B66A0984FF6B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ax7501-b1_firmware:5.17\\\\(abpc.4\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"502DDF99-A3B5-4C7D-B4FD-79420528A515\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"780BBA7D-7E2C-4624-AA15-8A51F3DF428F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wx3100-t0_firmware:5.50\\\\(abl.3\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE1D8E3-79DB-4645-9B08-E6F5B1A6CFE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2C56248-D12F-46DC-A52F-0607E4A5DCCC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wx5600-t0_firmware:5.70\\\\(aceb.2\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B81FE3B9-8ECE-4FCA-BEFA-CEE7753E11E9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wx5610-b0_firmware:5.18\\\\(acgj.0\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F867EE-2A8C-4CDF-9D02-6E739BEA6A81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wx5610-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88909887-E078-4EC5-BA49-2EFCABF1EB1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nbg7510_firmware:1.00\\\\(abzy.5\\\\)c0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63872C8C-7B9B-4AC0-9CE4-CC5B9AB93691\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nbg7510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CB675F-DF0C-46C3-B206-CCFF407D2BA6\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:23:27.734Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37929\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-20T15:15:31.555736Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-20T15:15:50.926Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"V5.50(ABPM.8)C0 firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"V5.50(ABPM.8)C0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2024-05-21T01:23:53.073Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-37929\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T17:23:27.734Z\", \"dateReserved\": \"2023-07-11T01:52:33.655Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2024-05-21T01:23:53.073Z\", \"assignerShortName\": \"Zyxel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.