Multiple vulnerabilities in Zyxel products



Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2024-38266
CVE-2024-38267
CVE-2024-38268
CVE-2024-38269
CWE-ID CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
 DX3300-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

DX3300-T1
Hardware solutions / Routers & switches, VoIP, GSM, etc

DX3301-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

DX4510-B1
Hardware solutions / Routers & switches, VoIP, GSM, etc

DX5401-B1
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3300-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3300-T1
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3301-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3500-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3501-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3510-B1
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3600-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX5401-B1
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX5512-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX5601-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX5601-T1
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX7501-B0
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX7710-B0
Hardware solutions / Routers & switches, VoIP, GSM, etc

VMG4005-B50A
Hardware solutions / Routers & switches, VoIP, GSM, etc

VMG4005-B60A
Hardware solutions / Routers & switches, VoIP, GSM, etc

AX7501-B1
Hardware solutions / Routers & switches, VoIP, GSM, etc

PM3100-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

PM5100-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

PX3321-T1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCR50AXE
Hardware solutions / Routers & switches, VoIP, GSM, etc

WX3100-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

WX3401-B0
Hardware solutions / Routers & switches, VoIP, GSM, etc

WX5600-T0
Hardware solutions / Routers & switches, VoIP, GSM, etc

DX4510-B0
Hardware solutions / Firmware

AX7501-B0
Hardware solutions / Firmware

DX5401-B0
Hardware solutions / Routers for home users

EX3510-B0
Hardware solutions / Routers for home users

EX5401-B0
Hardware solutions / Routers for home users

EX5510-B0
Hardware solutions / Routers for home users

EMG3525-T50B
Hardware solutions / Routers for home users

EMG5523-T50B
Hardware solutions / Routers for home users

EMG5723-T50K
Hardware solutions / Routers for home users

VMG3625-T50B
Hardware solutions / Routers for home users

VMG3927-T50K
Hardware solutions / Routers for home users

VMG8623-T50B
Hardware solutions / Routers for home users

VMG8825-T50K
Hardware solutions / Routers for home users

PM7300-T0
Hardware solutions / Routers for home users

Vendor ZyXEL Communications Corp.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU97664

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38266

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the parameter type parser. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DX3300-T0: - - 5.50(ABVY.5)C0

DX3300-T1: - - 5.50(ABVY.5)C0

DX3301-T0: - - 5.50(ABVY.5)C0

DX4510-B0: - - 5.17(ABYL.6)C0

DX4510-B1: - - 5.17(ABYL.6)C0

DX5401-B0: - - 5.17(ABYO.6)C0

DX5401-B1: - - 5.17(ABYO.6)C0

EX3300-T0: - - 5.50(ABVY.5)C0

EX3300-T1: - - 5.50(ABVY.5)C0

EX3301-T0: - - 5.50(ABVY.5)C0

EX3500-T0: - - 5.44(ACHR.1)C0

EX3501-T0: - - 5.44(ACHR.1)C0

EX3510-B0: - - 5.17(ABUP.11)C0

EX3510-B1: - - 5.17(ABUP.11)C0

EX3600-T0: - - 5.70(ACIF.0.2)C0

EX5401-B0: - - 5.17(ABYO.6)C0

EX5401-B1: - - 5.17(ABYO.6)C0

EX5510-B0: - - 5.17(ABQX.9)C0

EX5512-T0: - - 5.70(ACEG.3)C1

EX5601-T0: - - 5.70(ACDZ.3)C0

EX5601-T1: - - 5.70(ACDZ.3)C0

EX7501-B0: - - 5.18(ACHN.1)C0

EX7710-B0: - - 5.18(ACAK.1)C0

EMG3525-T50B: - - 5.50(ABPM.9)C0

EMG5523-T50B: - - 5.50(ABPM.9)C0

EMG5723-T50K: - - 5.50(ABOM.8)C0

VMG3625-T50B: - - 5.50(ABPM.9)C0

VMG3927-T50K: - - 5.50(ABOM.8)C0

VMG4005-B50A: - - 5.17(ABQA.2)C0

VMG4005-B60A: - - 5.17(ABQA.2)C0

VMG8623-T50B: - - 5.50(ABPM.9)C0

VMG8825-T50K: - - 5.50(ABPY.1)b24

AX7501-B0: - - 5.17(ABPC.5)C0

AX7501-B1: - - 5.17(ABPC.5)C0

PM3100-T0: - - 5.42(ACBF.2)C0

PM5100-T0: - - 5.42(ACBF.2)C0

PM7300-T0: - - 5.42(ABYY.2.1)C0

PX3321-T1: - - 5.44(ACJB.0)C0

SCR50AXE: - - 1.10(ACGN.2)C0

WX3100-T0: - - 5.50(ABVL.4.2)C0

WX3401-B0: - - 5.17(ABVE.2.4)C0

WX5600-T0: - - 5.70(ACEB.3)C0

CPE2.3 External links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU97665

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38267

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the IPv6 address parser. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DX3300-T0: - - 5.50(ABVY.5)C0

DX3300-T1: - - 5.50(ABVY.5)C0

DX3301-T0: - - 5.50(ABVY.5)C0

DX4510-B0: - - 5.17(ABYL.6)C0

DX4510-B1: - - 5.17(ABYL.6)C0

DX5401-B0: - - 5.17(ABYO.6)C0

DX5401-B1: - - 5.17(ABYO.6)C0

EX3300-T0: - - 5.50(ABVY.5)C0

EX3300-T1: - - 5.50(ABVY.5)C0

EX3301-T0: - - 5.50(ABVY.5)C0

EX3500-T0: - - 5.44(ACHR.1)C0

EX3501-T0: - - 5.44(ACHR.1)C0

EX3510-B0: - - 5.17(ABUP.11)C0

EX3510-B1: - - 5.17(ABUP.11)C0

EX3600-T0: - - 5.70(ACIF.0.2)C0

EX5401-B0: - - 5.17(ABYO.6)C0

EX5401-B1: - - 5.17(ABYO.6)C0

EX5510-B0: - - 5.17(ABQX.9)C0

EX5512-T0: - - 5.70(ACEG.3)C1

EX5601-T0: - - 5.70(ACDZ.3)C0

EX5601-T1: - - 5.70(ACDZ.3)C0

EX7501-B0: - - 5.18(ACHN.1)C0

EX7710-B0: - - 5.18(ACAK.1)C0

EMG3525-T50B: - - 5.50(ABPM.9)C0

EMG5523-T50B: - - 5.50(ABPM.9)C0

EMG5723-T50K: - - 5.50(ABOM.8)C0

VMG3625-T50B: - - 5.50(ABPM.9)C0

VMG3927-T50K: - - 5.50(ABOM.8)C0

VMG4005-B50A: - - 5.17(ABQA.2)C0

VMG4005-B60A: - - 5.17(ABQA.2)C0

VMG8623-T50B: - - 5.50(ABPM.9)C0

VMG8825-T50K: - - 5.50(ABPY.1)b24

AX7501-B0: - - 5.17(ABPC.5)C0

AX7501-B1: - - 5.17(ABPC.5)C0

PM3100-T0: - - 5.42(ACBF.2)C0

PM5100-T0: - - 5.42(ACBF.2)C0

PM7300-T0: - - 5.42(ABYY.2.1)C0

PX3321-T1: - - 5.44(ACJB.0)C0

SCR50AXE: - - 1.10(ACGN.2)C0

WX3100-T0: - - 5.50(ABVL.4.2)C0

WX3401-B0: - - 5.17(ABVE.2.4)C0

WX5600-T0: - - 5.70(ACEB.3)C0

CPE2.3 External links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU97666

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38268

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the MAC address parser. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DX3300-T0: - - 5.50(ABVY.5)C0

DX3300-T1: - - 5.50(ABVY.5)C0

DX3301-T0: - - 5.50(ABVY.5)C0

DX4510-B0: - - 5.17(ABYL.6)C0

DX4510-B1: - - 5.17(ABYL.6)C0

DX5401-B0: - - 5.17(ABYO.6)C0

DX5401-B1: - - 5.17(ABYO.6)C0

EX3300-T0: - - 5.50(ABVY.5)C0

EX3300-T1: - - 5.50(ABVY.5)C0

EX3301-T0: - - 5.50(ABVY.5)C0

EX3500-T0: - - 5.44(ACHR.1)C0

EX3501-T0: - - 5.44(ACHR.1)C0

EX3510-B0: - - 5.17(ABUP.11)C0

EX3510-B1: - - 5.17(ABUP.11)C0

EX3600-T0: - - 5.70(ACIF.0.2)C0

EX5401-B0: - - 5.17(ABYO.6)C0

EX5401-B1: - - 5.17(ABYO.6)C0

EX5510-B0: - - 5.17(ABQX.9)C0

EX5512-T0: - - 5.70(ACEG.3)C1

EX5601-T0: - - 5.70(ACDZ.3)C0

EX5601-T1: - - 5.70(ACDZ.3)C0

EX7501-B0: - - 5.18(ACHN.1)C0

EX7710-B0: - - 5.18(ACAK.1)C0

EMG3525-T50B: - - 5.50(ABPM.9)C0

EMG5523-T50B: - - 5.50(ABPM.9)C0

EMG5723-T50K: - - 5.50(ABOM.8)C0

VMG3625-T50B: - - 5.50(ABPM.9)C0

VMG3927-T50K: - - 5.50(ABOM.8)C0

VMG4005-B50A: - - 5.17(ABQA.2)C0

VMG4005-B60A: - - 5.17(ABQA.2)C0

VMG8623-T50B: - - 5.50(ABPM.9)C0

VMG8825-T50K: - - 5.50(ABPY.1)b24

AX7501-B0: - - 5.17(ABPC.5)C0

AX7501-B1: - - 5.17(ABPC.5)C0

PM3100-T0: - - 5.42(ACBF.2)C0

PM5100-T0: - - 5.42(ACBF.2)C0

PM7300-T0: - - 5.42(ABYY.2.1)C0

PX3321-T1: - - 5.44(ACJB.0)C0

SCR50AXE: - - 1.10(ACGN.2)C0

WX3100-T0: - - 5.50(ABVL.4.2)C0

WX3401-B0: - - 5.17(ABVE.2.4)C0

WX5600-T0: - - 5.70(ACEB.3)C0

CPE2.3 External links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU97667

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38269

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the USB file-sharing handler. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DX3300-T0: - - 5.50(ABVY.5)C0

DX3300-T1: - - 5.50(ABVY.5)C0

DX3301-T0: - - 5.50(ABVY.5)C0

DX4510-B0: - - 5.17(ABYL.6)C0

DX4510-B1: - - 5.17(ABYL.6)C0

DX5401-B0: - - 5.17(ABYO.6)C0

DX5401-B1: - - 5.17(ABYO.6)C0

EX3300-T0: - - 5.50(ABVY.5)C0

EX3300-T1: - - 5.50(ABVY.5)C0

EX3301-T0: - - 5.50(ABVY.5)C0

EX3500-T0: - - 5.44(ACHR.1)C0

EX3501-T0: - - 5.44(ACHR.1)C0

EX3510-B0: - - 5.17(ABUP.11)C0

EX3510-B1: - - 5.17(ABUP.11)C0

EX3600-T0: - - 5.70(ACIF.0.2)C0

EX5401-B0: - - 5.17(ABYO.6)C0

EX5401-B1: - - 5.17(ABYO.6)C0

EX5510-B0: - - 5.17(ABQX.9)C0

EX5512-T0: - - 5.70(ACEG.3)C1

EX5601-T0: - - 5.70(ACDZ.3)C0

EX5601-T1: - - 5.70(ACDZ.3)C0

EX7501-B0: - - 5.18(ACHN.1)C0

EX7710-B0: - - 5.18(ACAK.1)C0

EMG3525-T50B: - - 5.50(ABPM.9)C0

EMG5523-T50B: - - 5.50(ABPM.9)C0

EMG5723-T50K: - - 5.50(ABOM.8)C0

VMG3625-T50B: - - 5.50(ABPM.9)C0

VMG3927-T50K: - - 5.50(ABOM.8)C0

VMG4005-B50A: - - 5.17(ABQA.2)C0

VMG4005-B60A: - - 5.17(ABQA.2)C0

VMG8623-T50B: - - 5.50(ABPM.9)C0

VMG8825-T50K: - - 5.50(ABPY.1)b24

AX7501-B0: - - 5.17(ABPC.5)C0

AX7501-B1: - - 5.17(ABPC.5)C0

PM3100-T0: - - 5.42(ACBF.2)C0

PM5100-T0: - - 5.42(ACBF.2)C0

PM7300-T0: - - 5.42(ABYY.2.1)C0

PX3321-T1: - - 5.44(ACJB.0)C0

SCR50AXE: - - 1.10(ACGN.2)C0

WX3100-T0: - - 5.50(ABVL.4.2)C0

WX3401-B0: - - 5.17(ABVE.2.4)C0

WX5600-T0: - - 5.70(ACEB.3)C0

CPE2.3 External links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###