CVE-2024-8748
Last modified
CVE-2024-8748 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Lte3301-Plus Firmware | < 1.00\(abqu.6\)c0 |
| Zyxel | Lte5388-M804 Firmware | < 1.00\(absq.5\)c0 |
| Zyxel | Lte5398-M904 Firmware | < 1.00\(abq.5\)c0 |
| Zyxel | Lte7480-M804 Firmware | < 1.00\(abra.10\)c0 |
| Zyxel | Lte7490-M904 Firmware | < 1.00\(abqy.9\)c0 |
| Zyxel | Nr7101 Firmware | < 1.00\(abu.11\)c0 |
| Zyxel | Nr7102 Firmware | < 1.00\(abyd.4\)c0 |
| Zyxel | Nebula Nr5101 Firmware | < 1.16\(accg.1\)c0 |
| Zyxel | Nebula Nr7101 Firmware | < 1.16\(accc.1\)c0 |
| Zyxel | Nebula Lte3301-Plus Firmware | < 1.18\(acca.5\)c0 |
| Zyxel | Dx3300-T0 Firmware | < 5.50\(aby.5.4\)c0 |
| Zyxel | Dx3300-T1 Firmware | < 5.50\(aby.5.4\)c0 |
| Zyxel | Dx3301-T0 Firmware | < 5.50\(aby.5.4\)c0 |
| Zyxel | Dx4510-B0 Firmware | < 5.17\(abyl.8\)c0 |
| Zyxel | Dx4510-B1 Firmware | < 5.17\(abyl.8\)c0 |
| Zyxel | Dx5401-B0 Firmware | < 5.17\(abyo.6.4\)c0 |
| Zyxel | Dx5401-B1 Firmware | < 5.17\(abyo.6.4\)c0 |
| Zyxel | Ee6510-10 Firmware | < 5.19\(acjq.1\)c0 |
| Zyxel | Ex2210-T0 Firmware | < 5.50\(acdi.2\)c0 |
| Zyxel | Ex3300-T0 Firmware | < 5.50\(aby.5.4\)c0 |
| Zyxel | Ex3300-T1 Firmware | < 5.50\(aby.5.4\)c0 |
| Zyxel | Ex3301-T0 Firmware | < 5.50\(aby.5.4\)c0 |
| Zyxel | Ex3500-T0 Firmware | < 5.44\(achr.3\)c0 |
| Zyxel | Ex3501-T0 Firmware | < 5.44\(achr.3\)c0 |
| Zyxel | Ex3510-B0 Firmware | < 5.17\(abup.13\)c0 |
| Zyxel | Ex3510-B1 Firmware | < 5.17\(abup.13\)c0 |
| Zyxel | Ex3600-T0 Firmware | < 5.70\(acif.0.4\)c0 |
| Zyxel | Ex5401-B0 Firmware | < 5.17\(abyo.6.4\)c0 |
| Zyxel | Ex5401-B1 Firmware | < 5.17\(abyo.6.4\)c0 |
| Zyxel | Ex5501-B0 Firmware | < 5.17\(abry.5.3\)c0 |
| Zyxel | Ex5510-B0 Firmware | < 5.17\(abqx.11\)c0 |
| Zyxel | Ex5512-T0 Firmware | < 5.70\(aceg4.2\)c0 |
| Zyxel | Ex5600-T1 Firmware | < 5.70\(acdz.3.4\)c0 |
| Zyxel | Ex5601-T0 Firmware | < 5.70\(acdz.3.4\)c0 |
| Zyxel | Ex5601-T1 Firmware | < 5.70\(acdz.3.4\)c0 |
| Zyxel | Ex7501-B0 Firmware | < 5.18\(achn.1.3\)c0 |
| Zyxel | Ex7710-B0 Firmware | < 5.18\(acak.1.1\)c0 |
| Zyxel | Emg3525-T50b Firmware | < 5.50\(abpm.9.3\)c0 |
| Zyxel | Emg5523-T50b Firmware | < 5.50\(abpm.9.3\)c0 |
| Zyxel | Emg5723-T50k Firmware | < 5.50\(abom.8.5\)c0 |
| Zyxel | Emg6726-B10a Firmware | < 5.13\(abnp.8\)c1 |
| Zyxel | Vmg3625-T50b Firmware | < 5.50\(abpm.9.3\)c0 |
| Zyxel | Vmg3927-B50b Firmware | < 5.13\(ably.9\)c1 |
| Zyxel | Vmg3927-T50k Firmware | < 5.50\(abom.8.5\)c0 |
| Zyxel | Vmg4005-B50a Firmware | < 5.15\(abqa.2.3\)c0 |
| Zyxel | Vmg4005-B60a Firmware | < 5.15\(abqa.2.3\)c0 |
| Zyxel | Vmg4005-B50b Firmware | < 5.13\(abrl.5.2\)c0 |
| Zyxel | Vmg4927-B50a Firmware | < 5.13\(ably.9\)c1 |
| Zyxel | Vmg8623-T50b Firmware | < 5.50\(abpm.9.3\)c0 |
| Zyxel | Vmg8825-T50k Firmware | < 5.50\(abom.8.5\)c0 |
Showing 50 of 65 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-8748?
How severe is CVE-2024-8748?
How do I fix CVE-2024-8748?
Are you affected by CVE-2024-8748?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST