CVE-2024-8882
Last modified
CVE-2024-8882 is a medium-severity vulnerability rated 4.5/10 on the CVSS scale. A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
Metrics
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Gs1900-8 Firmware | < 2.90\(aahh.0\)c0 |
| Zyxel | Gs1900-8hp Firmware | < 2.90\(aahi.0\)c0 |
| Zyxel | Gs1900-10hp Firmware | < 2.90\(aazi.0\)c0 |
| Zyxel | Gs1900-16 Firmware | < 2.90\(aahj.0\)c0 |
| Zyxel | Gs1900-24 Firmware | < 2.90\(aahl.0\)c0 |
| Zyxel | Gs1900-24e Firmware | < 2.90\(aahk.0\)c0 |
| Zyxel | Gs1900-24ep Firmware | < 2.90\(abto.0\)c0 |
| Zyxel | Gs1900-24hpv2 Firmware | < 2.90\(abtp.0\)c0 |
| Zyxel | Gs1900-48 Firmware | < 2.90\(aahn.0\)c0 |
| Zyxel | Gs1900-48hpv2 Firmware | < 2.90\(abtq.0\)c0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-8882?
How severe is CVE-2024-8882?
How do I fix CVE-2024-8882?
Are you affected by CVE-2024-8882?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST