June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Amadey Botnet – Active IOCs
September 25, 2024
RedLine Stealer – Active IOCs
September 26, 2024
Amadey Botnet – Active IOCs
September 25, 2024
RedLine Stealer – Active IOCs
September 26, 2024
Severity
Medium
Analysis Summary
CVE-2024-38269 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw in the USB file-sharing handler. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
CVE-2024-38268 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw in the MAC address parser. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
CVE-2024-38267 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw in the IPv6 address parser. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
CVE-2024-38266 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
Impact
- Denial of Service
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-38269
- CVE-2024-38268
- CVE-2024-38267
- CVE-2024-38266
Affected Vendors
Zyxel
Affected Products
- Zyxel DX3300-T0 - 5.50(ABVY.5)C0
- Zyxel DX3301-T0 - 5.50(ABVY.5)C0
- Zyxel AX7501-B0 - 5.17(ABPC.5)C0
- Zyxel PM3100-T0 - 5.42(ACBF.2)C0
Remediation
Refer to Zyxel Website for patch, upgrade or suggested workaround information.
