CVE-2023-37929

Name: CVE-2023-37929
Creator: NVD / NIST
Published: 2024-05-21T02:15:08.47+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.55%

Last modified Jun 17, 2026

CVE-2023-37929 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.. EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.55%

41.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Zyxel	Dx3300-T1 Firmware	5.50\(aby.4\)c0
Zyxel	Dx3301-T0 Firmware	5.50\(aby.4\)c0
Zyxel	Dx4510 Firmware	5.17\(abyl.5\)c0
Zyxel	Dx5401-B0 Firmware	5.17\(abyo.5\)c0
Zyxel	Dx5401-B1 Firmware	5.17\(abyo.5\)c0
Zyxel	Emg3525-T50b Firmware	5.50\(abpm.8\)c0
Zyxel	Emg5523-T50b Firmware	5.50\(abpm.8\)c0
Zyxel	Emg5723-T50k Firmware	5.50\(abom.8.2\)c0
Zyxel	Ex3300-T1 Firmware	5.50\(aby.4\)c0
Zyxel	Ex3301-T0 Firmware	5.50\(aby.4\)c0
Zyxel	Ex3500-T0 Firmware	5.44\(achr.0\)c0
Zyxel	Ex3501-T0 Firmware	5.44\(achr.0\)c0
Zyxel	Ex3510 Firmware	5.17\(abup.9\)c0
Zyxel	Ex5401-B0 Firmware	5.17\(abyo.5\)c0
Zyxel	Ex5401-B1 Firmware	5.17\(abyo.5\)c0
Zyxel	Ex5501-B0 Firmware	5.17\(abry.4\)c0
Zyxel	Ex5510 Firmware	5.17\(abqx.8\)c0
Zyxel	Ex5512-T0 Firmware	5.70\(aceg.2\)c0
Zyxel	Ex5600-T1 Firmware	5.70\(acdz.2\)c0
Zyxel	Ex5601-T0 Firmware	5.70\(acdz.2\)c0
Zyxel	Ex5601-T1 Firmware	5.70\(acdz.2\)c0
Zyxel	Ex7710-B0 Firmware	5.18\(acak.0\)c0
Zyxel	Vmg3625-T50b Firmware	5.50\(abpm.8\)c0
Zyxel	Vmg3927-T50k Firmware	5.50\(abom.8.2\)c0
Zyxel	Vmg8623-T50b Firmware	5.50\(abpm.8\)c0
Zyxel	Vmg8825-T50k Firmware	5.50\(abom.8.2\)c0
Zyxel	Ax7501-B0 Firmware	5.17\(abpc.4\)c0
Zyxel	Ax7501-B1 Firmware	5.17\(abpc.4\)c0
Zyxel	Wx3100-T0 Firmware	5.50\(abl.3\)c0
Zyxel	Wx5600-T0 Firmware	5.70\(aceb.2\)c0
Zyxel	Wx5610-B0 Firmware	5.18\(acgj.0\)c0
Zyxel	Nbg7510 Firmware	1.00\(abzy.5\)c0

References

Timeline

Published: May 21, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-37929?

How severe is CVE-2023-37929?

CVE-2023-37929 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.

How do I fix CVE-2023-37929?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-37929?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST