CVE-2024-42058

Published: Sep 3, 2024Modified: Dec 13, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.

Affected (3)

Products: Zyxel: Zld

Zyxel

1 product

Zld

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.32 to 5.39

Running on/with	Platform Versions
Zyxel Atp100	All versions
Zyxel Atp100w	All versions
Zyxel Atp200	All versions
Zyxel Atp500	All versions
Zyxel Atp700	All versions
Zyxel Atp800	All versions

Configuration B

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.50 to 5.39

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions
Zyxel Usg Flex 100ax	All versions
Zyxel Usg Flex 100w	All versions
Zyxel Usg Flex 200	All versions
Zyxel Usg Flex 50	All versions
Zyxel Usg Flex 500	All versions
Zyxel Usg Flex 700	All versions

Configuration C

1 platform

Running on/with	Platform Versions
Zyxel Usg Flex 50w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Zld	From 4.20 to 5.39

Running on/with	Platform Versions
Zyxel Usg 20w Vpn	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (1)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024

Source: security@zyxel.com.tw

Vendor Advisory

Timeline

No history available yet.