CVE-2024-38266

{"id": "CVE-2024-38266", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-09-24T02:15:02.220", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-memory-corruption-vulnerabilities-in-some-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-versions-09-24-2024", "source": "security@zyxel.com.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device."}, {"lang": "es", "value": "Una restricci\u00f3n incorrecta de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en el analizador de tipo de par\u00e1metro de las versiones de firmware Zyxel VMG8825-T50K hasta la 5.50(ABOM.8)C0 podr\u00eda permitir que un atacante autenticado con privilegios de administrador provoque posibles corrupciones de memoria, lo que resultar\u00eda en un bloqueo del hilo en un dispositivo afectado."}], "lastModified": "2024-09-26T13:32:55.343", "sourceIdentifier": "security@zyxel.com.tw"}