CVE-2022-26414

Name: CVE-2022-26414
Creator: NVD / NIST
Published: 2022-04-11T13:15:07.857+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.20%

Last modified Jun 17, 2026

CVE-2022-26414 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.20%

10.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Zyxel	Vmg3312-T20a Firmware	5.30\(abfx.5\)c0
Zyxel	Emg3525-T50b Firmware	< 5.50\(abpm.6\)c0
Zyxel	Emg5523-T50b Firmware	< 5.50\(abpm.6\)c0
Zyxel	Emg5723-T50k Firmware	< 5.50\(abom.7\)c0
Zyxel	Emg6726-B10a Firmware	< 5.13\(abnp.7\)c0
Zyxel	Vmg1312-T20b Firmware	< 5.50\(absb.5\)c0
Zyxel	Vmg3625-T50b Firmware	< 5.50\(abpm.6\)c0
Zyxel	Vmg3927-B50a Firmware	< 5.17\(abmt.6\)c0
Zyxel	Vmg3927-B50b Firmware	< 5.13\(ably.7\)c0
Zyxel	Vmg3927-B60a Firmware	< 5.17\(abmt.6\)c0
Zyxel	Vmg3927-T50k Firmware	< 5.50\(abom.7\)c0
Zyxel	Vmg4927-B50a Firmware	< 5.13\(ably.7\)c0
Zyxel	Vmg8623-T50b Firmware	< 5.50\(abpm.6\)c0
Zyxel	Vmg8825-B50a Firmware	< 5.17\(abmt.6\)c0
Zyxel	Vmg8825-B50b Firmware	< 5.17\(abny.7\)c0
Zyxel	Vmg8825-T50k Firmware	< 5.50\(abom.7\)c0
Zyxel	Vmg8825-B60a Firmware	< 5.17\(abmt.6\)c0
Zyxel	Vmg8825-B60b Firmware	< 5.17\(abny.7\)c0
Zyxel	Xmg3927-B50a Firmware	< 5.17\(abmt.6\)c0
Zyxel	Xmg8825-B50a Firmware	< 5.17\(abmt.6\)c0
Zyxel	Dx5401-B0 Firmware	< 5.17\(abyo.1\)c0
Zyxel	Ex3510-B0 Firmware	< 5.17\(abup.4\)c1
Zyxel	Ex5401-B0 Firmware	< 5.17\(abyo.1\)c0
Zyxel	Ex5501-B0 Firmware	< 5.17\(abry.2\)c0
Zyxel	Ax7501-B0 Firmware	< 5.17\(abpc.1\)c0
Zyxel	Ep240p Firmware	< 5.40\(abh.0\)c0
Zyxel	Pm7300-T0 Firmware	< 5.42\(acbc.1\)c0
Zyxel	Pmg5317-T20b Firmware	< 5.40\(abki.4\)c0
Zyxel	Pmg5617ga Firmware	< 5.40\(abna.2\)c0
Zyxel	Pmg5617-T20b2 Firmware	< 5.41\(acbb.1\)c0
Zyxel	Pmg5622ga Firmware	< 5.40\(abnb.2\)c0
Zyxel	Px7501-B0 Firmware	< 5.17\(abpc.1\)c0

References

Timeline

Published: Apr 11, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-26414?

How severe is CVE-2022-26414?

CVE-2022-26414 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.

How do I fix CVE-2022-26414?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26414?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST