Severity
Medium
Analysis Summary
CVE-2024-38269 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw in the USB file-sharing handler. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
CVE-2024-38268 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw in the MAC address parser. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
CVE-2024-38267 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw in the IPv6 address parser. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
CVE-2024-38266 CVSS:4.9
Multiple Zyxel products are vulnerable to a denial of service, caused by a buffer overflow flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a thread crash on the device.
Impact
- Denial of Service
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-38269
- CVE-2024-38268
- CVE-2024-38267
- CVE-2024-38266
Affected Vendors
Affected Products
- Zyxel DX3300-T0 - 5.50(ABVY.5)C0
- Zyxel DX3301-T0 - 5.50(ABVY.5)C0
- Zyxel AX7501-B0 - 5.17(ABPC.5)C0
- Zyxel PM3100-T0 - 5.42(ACBF.2)C0
Remediation
Refer to Zyxel Website for patch, upgrade or suggested workaround information.