CVE-2024-8882

MEDIUM

4.5

Descripcion

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

Detalles CVE

Puntuacion CVSS v3.14.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioNONE

Publicado11/12/2024

Ultima modificacion11/14/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

zyxel:gs1900-10hpzyxel:gs1900-10hp_firmwarezyxel:gs1900-16zyxel:gs1900-16_firmwarezyxel:gs1900-24zyxel:gs1900-24_firmwarezyxel:gs1900-24ezyxel:gs1900-24e_firmwarezyxel:gs1900-24epzyxel:gs1900-24ep_firmwarezyxel:gs1900-24hpv2zyxel:gs1900-24hpv2_firmwarezyxel:gs1900-48zyxel:gs1900-48_firmwarezyxel:gs1900-48hpv2zyxel:gs1900-48hpv2_firmwarezyxel:gs1900-8zyxel:gs1900-8_firmwarezyxel:gs1900-8hpzyxel:gs1900-8hp_firmware

Debilidades (CWE)

CWE-120

Referencias

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024(security@zyxel.com.tw)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.