CVE-2024-38266

Published: Sep 24, 2024Modified: Feb 24, 2026

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

Affected (43)

Products: Zyxel: Dx3300 T0 Firmware, Dx3300 T1 Firmware, Dx3301 T0 Firmware, Dx4510 B0 Firmware, Dx4510 B1 Firmware, Dx5401 B0 Firmware, Dx5401 B1 Firmware, Ex3300 T0 Firmware, Ex3300 T1 Firmware, Ex3301 T0 Firmware, Ex3500 T0 Firmware, Ex3501 T0 Firmware, Ex3510 B0 Firmware, Ex3510 B1 Firmware, Ex3600 T0 Firmware, Ex5401 B0 Firmware, Ex5401 B1 Firmware, Ex5510 B0 Firmware, Ex5512 T0 Firmware, Ex5601 T0 Firmware, Ex5601 T1 Firmware, Ex7501 B0 Firmware, Ex7710 B0 Firmware, Emg3525 T50b Firmware, Emg5523 T50b Firmware, Emg5723 T50k Firmware, Vmg3625 T50b Firmware, Vmg3927 T50k Firmware, Vmg4005 B50a Firmware, Vmg4005 B60a Firmware, Vmg8623 T50b Firmware, Vmg8825 T50k Firmware, Ax7501 B0 Firmware, Ax7501 B1 Firmware, Pm3100 T0 Firmware, Pm5100 T0 Firmware, Pm7300 T0 Firmware, Px3321 T1 Firmware, Scr50axe Firmware, Wx3100 T0 Firmware, Wx3401 B0 Firmware, Wx5600 T0 Firmware

42 products

Emg3525 T50b Firmware

Emg5523 T50b Firmware

Emg5723 T50k Firmware

Vmg3625 T50b Firmware

Vmg3927 T50k Firmware

Vmg4005 B50a Firmware

Vmg4005 B60a Firmware

Vmg8623 T50b Firmware

Vmg8825 T50k Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx3300 T0 Firmware	Before 5.50\(abvy.5\)c0

Running on/with	Platform Versions
Zyxel Dx3300 T0	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx3300 T1 Firmware	Before 5.50\(abvy.5\)c0

Running on/with	Platform Versions
Zyxel Dx3300 T1	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx3301 T0 Firmware	Before 5.50\(abvy.5\)c0

Running on/with	Platform Versions
Zyxel Dx3301 T0	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx4510 B0 Firmware	Before 5.17\(abyl.6\)c0

Running on/with	Platform Versions
Zyxel Dx4510 B0	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx4510 B1 Firmware	Before 5.17\(abyl.6\)c0

Running on/with	Platform Versions
Zyxel Dx4510 B1	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx5401 B0 Firmware	Before 5.17\(abyo.6\)c0

Running on/with	Platform Versions
Zyxel Dx5401 B0	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Dx5401 B1 Firmware	Before 5.17\(abyo.6\)c0

Running on/with	Platform Versions
Zyxel Dx5401 B1	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3300 T0 Firmware	Before 5.50\(abvy.5\)c0

Running on/with	Platform Versions
Zyxel Ex3300 T0	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3300 T1 Firmware	Before 5.50\(abvy.5\)c0

Running on/with	Platform Versions
Zyxel Ex3300 T1	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3301 T0 Firmware	Before 5.50\(abvy.5\)c0

Running on/with	Platform Versions
Zyxel Ex3301 T0	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3500 T0 Firmware	Before 5.44\(achr.1\)c0

Running on/with	Platform Versions
Zyxel Ex3500 T0	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3501 T0 Firmware	Before 5.44\(achr.1\)c0

Running on/with	Platform Versions
Zyxel Ex3501 T0	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3510 B0 Firmware	Before 5.17\(abup.11\)c0

Running on/with	Platform Versions
Zyxel Ex3510 B0	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3510 B1 Firmware	Before 5.17\(abup.11\)c0

Running on/with	Platform Versions
Zyxel Ex3510 B1	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex3600 T0 Firmware	Before 5.70\(acif.0.2\)c0

Running on/with	Platform Versions
Zyxel Ex3600 T0	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex5401 B0 Firmware	Before 5.17\(abyo.6\)c0

Running on/with	Platform Versions
Zyxel Ex5401 B0	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex5401 B1 Firmware	Before 5.17\(abyo.6\)c0

Running on/with	Platform Versions
Zyxel Ex5401 B1	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex5510 B0 Firmware	Before 5.17\(abqx.9\)c0

Running on/with	Platform Versions
Zyxel Ex5510 B0	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex5512 T0 Firmware	Before 5.70\(aceg.3\)c1

Running on/with	Platform Versions
Zyxel Ex5512 T0	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex5601 T0 Firmware	Before 5.70\(acdz.3\)c0

Running on/with	Platform Versions
Zyxel Ex5601 T0	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex5601 T1 Firmware	Before 5.70\(acdz.3\)c0

Running on/with	Platform Versions
Zyxel Ex5601 T1	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex7501 B0 Firmware	Before 5.18\(achn.1\)c0

Running on/with	Platform Versions
Zyxel Ex7501 B0	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ex7710 B0 Firmware	Before 5.18\(acak.1\)c0

Running on/with	Platform Versions
Zyxel Ex7710 B0	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Emg3525 T50b Firmware	Before 5.50\(abpm.9\)c0

Running on/with	Platform Versions
Zyxel Emg3525 T50b	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Emg5523 T50b Firmware	Before 5.50\(abpm.9\)c0

Running on/with	Platform Versions
Zyxel Emg5523 T50b	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Emg5723 T50k Firmware	Before 5.50\(abom.8\)c0

Running on/with	Platform Versions
Zyxel Emg5723 T50k	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vmg3625 T50b Firmware	Before 5.50\(abpm.9\)c0

Running on/with	Platform Versions
Zyxel Vmg3625 T50b	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vmg3927 T50k Firmware	Before 5.50\(abom.8\)c0

Running on/with	Platform Versions
Zyxel Vmg3927 T50k	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vmg4005 B50a Firmware	Before 5.17\(abqa.2\)c0

Running on/with	Platform Versions
Zyxel Vmg4005 B50a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vmg4005 B60a Firmware	Before 5.17\(abqa.2\)c0

Running on/with	Platform Versions
Zyxel Vmg4005 B60a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vmg8623 T50b Firmware	Before 5.50\(abpm.9\)c0

Running on/with	Platform Versions
Zyxel Vmg8623 T50b	All versions

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Zyxel Vmg8825 T50k Firmware	Before 5.50\(abom.8\)c0

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vmg8825 T50k Firmware	Before 5.50\(abpy.1\)b24

Running on/with	Platform Versions
Zyxel Vmg8825 T50k	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ax7501 B0 Firmware	Before 5.17\(abpc.5\)c0

Running on/with	Platform Versions
Zyxel Ax7501 B0	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ax7501 B1 Firmware	Before 5.17\(abpc.5\)c0

Running on/with	Platform Versions
Zyxel Ax7501 B1	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Pm3100 T0 Firmware	Before 5.42\(acbf.2\)c0

Running on/with	Platform Versions
Zyxel Pm3100 T0	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Pm5100 T0 Firmware	Before 5.42\(acbf.2\)c0

Running on/with	Platform Versions
Zyxel Pm5100 T0	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Pm7300 T0 Firmware	Before 5.42\(abyy.2.1\)c0

Running on/with	Platform Versions
Zyxel Pm7300 T0	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Px3321 T1 Firmware	Before 5.44\(acjb.0\)c0

Running on/with	Platform Versions
Zyxel Px3321 T1	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Scr50axe Firmware	Before 1.10\(acgn.3\)c0

Running on/with	Platform Versions
Zyxel Scr 50axe	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wx3100 T0 Firmware	Before 5.50\(abvl.4.3\)c0

Running on/with	Platform Versions
Zyxel Wx3100 T0	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wx3401 B0 Firmware	Before 5.17\(abve.2.5\)c0

Running on/with	Platform Versions
Zyxel Wx3401 B0	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wx5600 T0 Firmware	Before 5.70\(aceb.3.2\)c0

Running on/with	Platform Versions
Zyxel Wx5600 T0	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024

Source: security@zyxel.com.tw

Vendor Advisory

Timeline

No history available yet.