Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38267

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.9, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 82 products from zyxel, from zyxel, from zyxel and 79 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-09-24T02:15:02.750

Last Modified

2026-02-24T19:30:52.253

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-119
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	wx5600-t0_firmware	< 5.70\(aceb.3.2\)c0	Yes
Hardware	zyxel	wx5600-t0	-	No
Operating System	zyxel	wx3401-b0_firmware	< 5.17\(abve.2.5\)c0	Yes
Hardware	zyxel	wx3401-b0	-	No
Operating System	zyxel	wx3100-t0_firmware	< 5.50\(abvl.4.3\)c0	Yes
Hardware	zyxel	wx3100-t0	-	No
Operating System	zyxel	scr50axe_firmware	< 1.10\(acgn.3\)c0	Yes
Hardware	zyxel	scr_50axe	-	No
Operating System	zyxel	px3321-t1_firmware	< 5.44\(acjb.1\)c0	Yes
Hardware	zyxel	px3321-t1	-	No
Operating System	zyxel	pm7300-t0_firmware	< 5.42\(abyy.2.2\)c0	Yes
Hardware	zyxel	pm7300-t0	-	No
Operating System	zyxel	pm5100-t0_firmware	< 5.42\(acbf.2.1\)c0	Yes
Hardware	zyxel	pm5100-t0	-	No
Operating System	zyxel	pm3100-t0_firmware	< 5.42\(acbf.2.1\)c0	Yes
Hardware	zyxel	pm3100-t0	-	No
Operating System	zyxel	ax7501-b1_firmware	< 5.17\(abpc.5.2\)c0	Yes
Hardware	zyxel	ax7501-b1	-	No
Operating System	zyxel	vmg8825-t50k_firmware	< 5.50\(abom.8.4\)c0	Yes
Hardware	zyxel	vmg8825-t50k	-	No
Operating System	zyxel	vmg8623-t50b_firmware	< 5.50\(abpm.9.2\)c0	Yes
Hardware	zyxel	vmg8623-t50b	-	No
Operating System	zyxel	vmg4005-b60a_firmware	< 5.17\(abqa.2.2\)c0	Yes
Hardware	zyxel	vmg4005-b60a	-	No
Operating System	zyxel	vmg4005-b50a_firmware	< 5.17\(abqa.2.2\)c0	Yes
Hardware	zyxel	vmg4005-b50a	-	No
Operating System	zyxel	vmg3927-t50k_firmware	< 5.50\(abom.8.4\)c0	Yes
Hardware	zyxel	vmg3927-t50k	-	No
Operating System	zyxel	vmg3625-t50b_firmware	< 5.50\(abpm.9.2\)c0	Yes
Hardware	zyxel	vmg3625-t50b	-	No
Operating System	zyxel	emg5723-t50k_firmware	< 5.50\(abom.8.4\)c0	Yes
Hardware	zyxel	emg5723-t50k	-	No
Operating System	zyxel	emg5523-t50b_firmware	< 5.50\(abpm.9.2\)c0	Yes
Hardware	zyxel	emg5523-t50b	-	No
Operating System	zyxel	emg3525-t50b_firmware	< 5.50\(abpm.9.2\)c0	Yes
Hardware	zyxel	emg3525-t50b	-	No
Operating System	zyxel	ex7710-b0_firmware	< 5.18\(acak.1\)c1	Yes
Hardware	zyxel	ex7710-b0	-	No
Operating System	zyxel	ex7501-b0_firmware	< 5.18\(achn.1.2\)c0	Yes
Hardware	zyxel	ex7501-b0	-	No
Operating System	zyxel	ex5601-t1_firmware	< 5.70\(acdz.3.2\)c0	Yes
Hardware	zyxel	ex5601-t1	-	No
Operating System	zyxel	ex5601-t0_firmware	< 5.70\(acdz.3.2\)c0	Yes
Hardware	zyxel	ex5601-t0	-	No
Operating System	zyxel	ex5512-t0_firmware	< 5.70\(aceg.3\)c2	Yes
Hardware	zyxel	ex5512-t0	-	No
Operating System	zyxel	ex5510-b0_firmware	< 5.17\(abqx.10\)c0	Yes
Hardware	zyxel	ex5510-b0	-	No
Operating System	zyxel	ex5401-b1_firmware	< 5.17\(abyo.6.2\)c0	Yes
Hardware	zyxel	ex5401-b1	-	No
Operating System	zyxel	ex5401-b0_firmware	< 5.17\(abyo.6.2\)c0	Yes
Hardware	zyxel	ex5401-b0	-	No
Operating System	zyxel	ex3600-t0_firmware	< 5.70\(acif.0.3\)c0	Yes
Hardware	zyxel	ex3600-t0	-	No
Operating System	zyxel	ex3510-b1_firmware	< 5.17\(abup.12\)c0	Yes
Hardware	zyxel	ex3510-b1	-	No
Operating System	zyxel	ex3510-b0_firmware	< 5.17\(abup.12\)c0	Yes
Hardware	zyxel	ex3510-b0	-	No
Operating System	zyxel	ex3501-t0_firmware	< 5.44\(achr.2\)c0	Yes
Hardware	zyxel	ex3501-t0	-	No
Operating System	zyxel	ex3500-t0_firmware	< 5.44\(achr.2\)c0	Yes
Hardware	zyxel	ex3500-t0	-	No
Operating System	zyxel	ex3301-t0_firmware	< 5.50\(abvy.5.3\)c0	Yes
Hardware	zyxel	ex3301-t0	-	No
Operating System	zyxel	ex3300-t1_firmware	< 5.50\(abvy.5.3\)c0	Yes
Hardware	zyxel	ex3300-t1	-	No
Operating System	zyxel	ex3300-t0_firmware	< 5.50\(abvy.5.3\)c0	Yes
Hardware	zyxel	ex3300-t0	-	No
Operating System	zyxel	dx5401-b1_firmware	< 5.17\(abyo.6.2\)c0	Yes
Hardware	zyxel	dx5401-b1	-	No
Operating System	zyxel	dx5401-b0_firmware	< 5.17\(abyo.6.2\)c0	Yes
Hardware	zyxel	dx5401-b0	-	No
Operating System	zyxel	dx4510-b1_firmware	< 5.17\(abyl.7\)c0	Yes
Hardware	zyxel	dx4510-b1	-	No
Operating System	zyxel	dx4510-b0_firmware	< 5.17\(abyl.7\)c0	Yes
Hardware	zyxel	dx4510-b0	-	No
Operating System	zyxel	dx3301-t0_firmware	< 5.50\(abvy.5.3\)c0	Yes
Hardware	zyxel	dx3301-t0	-	No
Operating System	zyxel	dx3300-t1_firmware	< 5.50\(abvy.5.3\)c0	Yes
Hardware	zyxel	dx3300-t1	-	No
Operating System	zyxel	dx3300-t0_firmware	< 5.50\(abvy.5.3\)c0	Yes
Hardware	zyxel	dx3300-t0	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024 Vendor Advisory ([email protected])

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For zyxel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.