SecuriTricks - CVE-2024-8882

CVSS Score

4.5 / 10

Products Impacted

Vendor	Product	Versions
zyxel	gs1900-8_firmware gs1900-8 gs1900-8hp_firmware gs1900-8hp gs1900-10hp_firmware gs1900-10hp gs1900-16_firmware gs1900-16 gs1900-24_firmware gs1900-24 gs1900-24e_firmware gs1900-24e gs1900-24ep_firmware gs1900-24ep gs1900-24hpv2_firmware gs1900-24hpv2 gs1900-48_firmware gs1900-48 gs1900-48hpv2_firmware gs1900-48hpv2	* - * - * - * - * - * - * - * - * - * -

Description

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

Weaknesses

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE ID: 120

Date

Published: Nov. 12, 2024, 2:15 a.m.

Last Modified: Nov. 14, 2024, 1:42 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@zyxel.com.tw

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	zyxel	gs1900-8_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-8	-	/	/	/	/	/	/	/
o	zyxel	gs1900-8hp_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-8hp	-	/	/	/	/	/	/	/
o	zyxel	gs1900-10hp_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-10hp	-	/	/	/	/	/	/	/
o	zyxel	gs1900-16_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-16	-	/	/	/	/	/	/	/
o	zyxel	gs1900-24_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-24	-	/	/	/	/	/	/	/
o	zyxel	gs1900-24e_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-24e	-	/	/	/	/	/	/	/
o	zyxel	gs1900-24ep_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-24ep	-	/	/	/	/	/	/	/
o	zyxel	gs1900-24hpv2_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-24hpv2	-	/	/	/	/	/	/	/
o	zyxel	gs1900-48_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-48	-	/	/	/	/	/	/	/
o	zyxel	gs1900-48hpv2_firmware	/	/	/	/	/	/	/	/
h	zyxel	gs1900-48hpv2	-	/	/	/	/	/	/	/

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

4.5

Exploitability Score

0.9

Impact Score

3.6

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2024-8882

Tags

CVSS Score

Products Impacted

Description

Weaknesses

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Date

Status : Analyzed

Source

CPEs

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

CVSS Vector String

References

CVE-2024-8882

Tags

CVSS Score

Products Impacted

Description

Weaknesses

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Date

Status : Analyzed

Source

CPEs

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

CVSS Vector String

References

Share