CVE-2024-8882

MEDIUM

4.5

Description

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

CVE Details

CVSS v3.1 Score4.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published11/12/2024

Last Modified11/14/2024

Sourcenvd

Honeypot Sightings0

Affected Products

zyxel:gs1900-10hpzyxel:gs1900-10hp_firmwarezyxel:gs1900-16zyxel:gs1900-16_firmwarezyxel:gs1900-24zyxel:gs1900-24_firmwarezyxel:gs1900-24ezyxel:gs1900-24e_firmwarezyxel:gs1900-24epzyxel:gs1900-24ep_firmwarezyxel:gs1900-24hpv2zyxel:gs1900-24hpv2_firmwarezyxel:gs1900-48zyxel:gs1900-48_firmwarezyxel:gs1900-48hpv2zyxel:gs1900-48hpv2_firmwarezyxel:gs1900-8zyxel:gs1900-8_firmwarezyxel:gs1900-8hpzyxel:gs1900-8hp_firmware

Weaknesses (CWE)

CWE-120

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024(security@zyxel.com.tw)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.