Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9197

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.9, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 72 products from zyxel, from zyxel, from zyxel and 69 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-12-03T02:15:17.773

Last Modified

2025-01-21T21:18:24.393

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-120
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System zyxel dx3300-t0_firmware < 5.50\(aby.5.4\)c0 Yes
Hardware zyxel dx3300-t0 - No
Operating System zyxel dx3300-t1_firmware < 5.50\(aby.5.4\)c0 Yes
Hardware zyxel dx3300-t1 - No
Operating System zyxel dx3301-t0_firmware < 5.50\(aby.5.4\)c0 Yes
Hardware zyxel dx3301-t0 - No
Operating System zyxel dx4510-b0_firmware < 5.17\(abyl.8\)c0 Yes
Hardware zyxel dx4510-b0 - No
Operating System zyxel dx4510-b1_firmware < 5.17\(abyl.8\)c0 Yes
Hardware zyxel dx4510-b1 - No
Operating System zyxel dx5401-b0_firmware < 5.17\(abyo.6.4\)c0 Yes
Hardware zyxel dx5401-b0 - No
Operating System zyxel dx5401-b1_firmware < 5.17\(abyo.6.4\)c0 Yes
Hardware zyxel dx5401-b1 - No
Operating System zyxel ee6510-10_firmware < 5.19\(acjq.1\)c0 Yes
Hardware zyxel ee6510-10 - No
Operating System zyxel ex3300-t0_firmware < 5.50\(aby.5.4\)c0 Yes
Hardware zyxel ex3300-t0 - No
Operating System zyxel ex3300-t1_firmware < 5.50\(aby.5.4\)c0 Yes
Hardware zyxel ex3300-t1 - No
Operating System zyxel ex3301-t0_firmware < 5.50\(aby.5.4\)c0 Yes
Hardware zyxel ex3301-t0 - No
Operating System zyxel ex3500-t0_firmware < 5.44\(achr.3\)c0 Yes
Hardware zyxel ex3500-t0 - No
Operating System zyxel ex3501-t0_firmware < 5.44\(achr.3\)c0 Yes
Hardware zyxel ex3501-t0 - No
Operating System zyxel ex3510-b0_firmware < 5.17\(abup.13\)c0 Yes
Hardware zyxel ex3510-b0 - No
Operating System zyxel ex3510-b1_firmware < 5.17\(abup.13\)c0 Yes
Hardware zyxel ex3510-b1 - No
Operating System zyxel ex5401-b0_firmware < 5.17\(abyo.6.4\)c0 Yes
Hardware zyxel ex5401-b0 - No
Operating System zyxel ex5401-b1_firmware < 5.17\(abyo.6.4\)c0 Yes
Hardware zyxel ex5401-b1 - No
Operating System zyxel ex5501-b0_firmware < 5.17\(abry.5.3\)c0 Yes
Hardware zyxel ex5501-b0 - No
Operating System zyxel ex5510-b0_firmware < 5.17\(abqx.11\)c0 Yes
Hardware zyxel ex5510-b0 - No
Operating System zyxel ex5600-t1_firmware < 5.70\(acdz.3.4\)c0 Yes
Hardware zyxel ex5600-t1 - No
Operating System zyxel ex5601-t0_firmware < 5.70\(acdz.3.4\)c0 Yes
Hardware zyxel ex5601-t0 - No
Operating System zyxel ex5601-t1_firmware < 5.70\(acdz.3.4\)c0 Yes
Hardware zyxel ex5601-t1 - No
Operating System zyxel ex7501-b0_firmware < 5.18\(achn.1.3\)c0 Yes
Hardware zyxel ex7501-b0 - No
Operating System zyxel emg3525-t50b_firmware < 5.50\(abpm.9.3\)c0 Yes
Hardware zyxel emg3525-t50b - No
Operating System zyxel emg5523-t50b_firmware < 5.50\(abpm.9.3\)c0 Yes
Hardware zyxel emg5523-t50b - No
Operating System zyxel emg5723-t50k_firmware < 5.50\(abom.8.5\)c0 Yes
Hardware zyxel emg5723-t50k - No
Operating System zyxel vmg3625-t50b_firmware < 5.50\(abpm.9.3\)c0 Yes
Hardware zyxel vmg3625-t50b - No
Operating System zyxel vmg3927-t50k_firmware < 5.50\(abom.8.5\)c0 Yes
Hardware zyxel vmg3927-t50k - No
Operating System zyxel vmg8623-t50b_firmware < 5.50\(abpm.9.3\)c0 Yes
Hardware zyxel vmg8623-t50b - No
Operating System zyxel vmg8825-t50k_firmware < 5.50\(abom.8.5\)c0 Yes
Hardware zyxel vmg8825-t50k - No
Operating System zyxel ax7501-b0_firmware < 5.17\(abpc.5.3\)c0 Yes
Hardware zyxel ax7501-b0 - No
Operating System zyxel ax7501-b1_firmware < 5.17\(abpc.5.3\)c0 Yes
Hardware zyxel ax7501-b1 - No
Operating System zyxel ex3600-t0_firmware < 5.70\(acif.0.4\)c0 Yes
Hardware zyxel ex3600-t0 - No
Operating System zyxel px3321-t1_firmware < 5.44\(acjb.1.1\)c0 Yes
Hardware zyxel px3321-t1 - No
Operating System zyxel px3321-t1_firmware < 5.44\(achk.0.3\)c0 Yes
Hardware zyxel px3321-t1 - No
Operating System zyxel px5301-t0_firmware < 5.44\(ackb.0.1\)c0 Yes
Hardware zyxel px5301-t0 - No
Operating System zyxel wx5600-t0_firmware < 5.70\(aceb.3.3\)c0 Yes
Hardware zyxel wx5600-t0 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For zyxel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.