Analysis Summary

CVE-2024-8748 CVSS:7.5

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

CVE-2024-9197 CVSS:4.9

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

CVE-2024-9200 CVSS:7.2

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

CVE-2024-11667 CVSS:9.8

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

CVE-2024-11494 CVSS:7.5

The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method.

CVE-2024-8881 CVSS:6.8

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.

CVE-2024-8882 CVSS:4.5

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

CVE-2024-9677 CVSS:7.8

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.

Impact

• Denial of Service
• Gain Access
• Buffer Overflow
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-8748
• CVE-2024-9197
• CVE-2024-9200
• CVE-2024-11667
• CVE-2024-11494
• CVE-2024-8881
• CVE-2024-8882
• CVE-2024-9677

Affected Vendors

Remediation

Refer to Zyxel Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-8748

CVE-2024-9197

CVE-2024-9200

CVE-2024-11667

CVE-2024-11494

CVE-2024-8881

CVE-2024-8882

CVE-2024-9677