SB2024092440 - Multiple vulnerabilities in Zyxel products

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2024-38266)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the parameter type parser. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

2) Buffer overflow (CVE-ID: CVE-2024-38267)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the IPv6 address parser. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

3) Buffer overflow (CVE-ID: CVE-2024-38268)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the MAC address parser. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

4) Buffer overflow (CVE-ID: CVE-2024-38269)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the USB file-sharing handler. A remote administrator can trigger memory corruption and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

• https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024