4.5
CVE-2024-8882
- EPSS 0.05%
- Published 12.11.2024 02:15:19
- Last modified 14.11.2024 13:42:12
- Source security@zyxel.com.tw
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
Data provided by the National Vulnerability Database (NVD)
Zyxel ≫ Gs1900-8 Firmware Version < 2.90(aahh.0)c0
Zyxel ≫ Gs1900-8hp Firmware Version < 2.90(aahi.0)c0
Zyxel ≫ Gs1900-10hp Firmware Version < 2.90(aazi.0)c0
Zyxel ≫ Gs1900-16 Firmware Version < 2.90(aahj.0)c0
Zyxel ≫ Gs1900-24 Firmware Version < 2.90(aahl.0)c0
Zyxel ≫ Gs1900-24e Firmware Version < 2.90(aahk.0)c0
Zyxel ≫ Gs1900-24ep Firmware Version < 2.90(abto.0)c0
Zyxel ≫ Gs1900-24hpv2 Firmware Version < 2.90(abtp.0)c0
Zyxel ≫ Gs1900-48 Firmware Version < 2.90(aahn.0)c0
Zyxel ≫ Gs1900-48hpv2 Firmware Version < 2.90(abtq.0)c0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.162 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
security@zyxel.com.tw | 4.5 | 0.9 | 3.6 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.