CVE-2024-38268: Buffer Overflow
First published: Tue Sep 24 2024(Updated: )
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Zyxel WX5600-T0 Firmware | <5.70\(aceb.3.2\)c0 | |
| Zyxel Wx5600-t0 Firmware | ||
| All of | ||
| Zyxel WX3401-B0 Firmware | <5.17\(abve.2.5\)c0 | |
| Zyxel Wx3401-b0 Firmware | ||
| All of | ||
| Zyxel WX3100-T0 Firmware | <5.50\(abvl.4.3\)c0 | |
| Zyxel WX3100-T0 Firmware | ||
| All of | ||
| Zyxel SCR50AXE Firmware | <1.10\(acgn.3\)c0 | |
| Zyxel SCR50AXE | ||
| All of | ||
| Zyxel Px3321-t1 | <5.44\(acjb.1\)c0 | |
| Zyxel Px3321-t1 Firmware | ||
| All of | ||
| Zyxel PM7300-T0 Firmware | <5.42\(abyy.2.2\)c0 | |
| Zyxel Pm7300-t0 Firmware | ||
| All of | ||
| Zyxel PM5100-T0 | <5.42\(acbf.2.1\)c0 | |
| Zyxel PM5100-T0 | ||
| All of | ||
| Zyxel PM3100-T0 Firmware | <5.42\(acbf.2.1\)c0 | |
| Zyxel PM3100-T0 Firmware | ||
| All of | ||
| Zyxel Ax7501-B1 | <5.17\(abpc.5.2\)c0 | |
| Zyxel Ax7501-B1 Firmware | ||
| All of | ||
| Zyxel VMG8825-T50K | <5.50\(abom.8.4\)c0 | |
| Zyxel VMG8825-T50K firmware | ||
| All of | ||
| Zyxel VMG8623-T50B | <5.50\(abpm.9.2\)c0 | |
| Zyxel VMG8623-T50B Firmware | ||
| All of | ||
| Zyxel VMG4005-B60A | <5.17\(abqa.2.2\)c0 | |
| Zyxel VMG4005-B60A | ||
| All of | ||
| Zyxel VMG4005-B50A firmware | <5.17\(abqa.2.2\)c0 | |
| Zyxel VMG4005-B50A firmware | ||
| All of | ||
| Zyxel VMG3927-T50K | <5.50\(abom.8.4\)c0 | |
| Zyxel VMG3927-T50K Firmware | ||
| All of | ||
| Zyxel VMG3625-T50B Firmware | <5.50\(abpm.9.2\)c0 | |
| Zyxel VMG3625-T50B firmware | ||
| All of | ||
| Zyxel EMG5723-T50K | <5.50\(abom.8.4\)c0 | |
| Zyxel EMG5723-T50K Firmware | ||
| All of | ||
| Zyxel EMG5523-T50B | <5.50\(abpm.9.2\)c0 | |
| Zyxel EMG5523-T50B Firmware | ||
| All of | ||
| Zyxel EMG3525-T50B Firmware | <5.50\(abpm.9.2\)c0 | |
| Zyxel EMG3525-T50B Firmware | ||
| All of | ||
| Zyxel EX7710-B0 | <5.18\(acak.1\)c1 | |
| Zyxel EX7710-B0 | ||
| All of | ||
| Zyxel Ex7501-b0 | <5.18\(achn.1.2\)c0 | |
| Zyxel Ex7501-b0 Firmware | ||
| All of | ||
| Zyxel EX5601-T1 Firmware | <5.70\(acdz.3.2\)c0 | |
| Zyxel EX5601-T1 Firmware | ||
| All of | ||
| Zyxel Ex5601-T0 | <5.70\(acdz.3.2\)c0 | |
| Zyxel Ex5601-T0 Firmware | ||
| All of | ||
| Zyxel EX5512-T0 | <5.70\(aceg.3\)c2 | |
| Zyxel EX5512-T0 Firmware | ||
| All of | ||
| Zyxel EX5510 | <5.17\(abqx.10\)c0 | |
| Zyxel EX5510-B0 Firmware | ||
| All of | ||
| Zyxel Ex5401-B1 Firmware | <5.17\(abyo.6.2\)c0 | |
| Zyxel Ex5401-B1 Firmware | ||
| All of | ||
| Zyxel Ex5401-B0 | <5.17\(abyo.6.2\)c0 | |
| Zyxel Ex5401-B0 | ||
| All of | ||
| Zyxel EX3600-T0 Firmware | <5.70\(acif.0.3\)c0 | |
| Zyxel Ex3600-t0 Firmware | ||
| All of | ||
| Zyxel Ex3510 Firmware | <5.17\(abup.12\)c0 | |
| Zyxel EX3510-B1 Firmware | ||
| All of | ||
| Zyxel Ex3510 Firmware | <5.17\(abup.12\)c0 | |
| Zyxel Ex3510-B0 Firmware | ||
| All of | ||
| Zyxel EX3501-T0 | <5.44\(achr.2\)c0 | |
| Zyxel EX3501-T0 | ||
| All of | ||
| Zyxel EX3500-T0 | <5.44\(achr.2\)c0 | |
| Zyxel EX3500-T0 | ||
| All of | ||
| Zyxel Ex3301-T0 | <5.50\(abvy.5.3\)c0 | |
| Zyxel Ex3301-T0 | ||
| All of | ||
| Zyxel Ex3300-T1 | <5.50\(abvy.5.3\)c0 | |
| Zyxel Ex3300-T1 | ||
| All of | ||
| Zyxel Ex3300-T0 Firmware | <5.50\(abvy.5.3\)c0 | |
| Zyxel Ex3300-T0 Firmware | ||
| All of | ||
| Zyxel Dx5401-B1 Firmware | <5.17\(abyo.6.2\)c0 | |
| Zyxel Dx5401-B1 Firmware | ||
| All of | ||
| Zyxel DX5401-B0 | <5.17\(abyo.6.2\)c0 | |
| Zyxel DX5401-B0 firmware | ||
| All of | ||
| Zyxel Dx4510 | <5.17\(abyl.7\)c0 | |
| Zyxel Dx4510-B1 Firmware | ||
| All of | ||
| Zyxel Dx4510-B0 | <5.17\(abyl.7\)c0 | |
| Zyxel Dx4510-b0 Firmware | ||
| All of | ||
| Zyxel Dx3300-T0 | <5.50\(abvy.5.3\)c0 | |
| Zyxel Dx3301-t0 Firmware | ||
| All of | ||
| Zyxel Dx3300-T1 | <5.50\(abvy.5.3\)c0 | |
| DX3300 DX3300-T1 Firmware | ||
| All of | ||
| Zyxel Dx3300-t0 | <5.50\(abvy.5.3\)c0 | |
| Zyxel Dx3300-T0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-38268?
CVE-2024-38268 is assessed as a high severity vulnerability due to its potential for memory corruption and exploitation by authenticated attackers.
How do I fix CVE-2024-38268?
To mitigate CVE-2024-38268, upgrade the firmware of affected Zyxel devices to the latest version available from the manufacturer.
What devices are affected by CVE-2024-38268?
CVE-2024-38268 affects several Zyxel devices, including the VMG8825-T50K and other firmware versions through 5.50(ABOM.8)C0.
What types of attacks can exploit CVE-2024-38268?
CVE-2024-38268 could be exploited by authenticated attackers to cause memory corruption, potentially leading to denial of service or unauthorized access.
Is there a workaround for CVE-2024-38268?
Currently, the best practice is to update to the patched firmware since no specific workarounds are provided for CVE-2024-38268.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/zyxel
- canonical/zyxel wx5600-t0 firmware
- canonical/zyxel wx3401-b0 firmware
- canonical/zyxel wx3100-t0 firmware
- canonical/zyxel scr50axe firmware
- canonical/zyxel scr50axe
- canonical/zyxel px3321-t1
- canonical/zyxel px3321-t1 firmware
- canonical/zyxel pm7300-t0 firmware
- canonical/zyxel pm5100-t0
- canonical/zyxel pm3100-t0 firmware
- canonical/zyxel ax7501-b1
- canonical/zyxel ax7501-b1 firmware
- canonical/zyxel vmg8825-t50k
- canonical/zyxel vmg8825-t50k firmware
- canonical/zyxel vmg8623-t50b
- canonical/zyxel vmg8623-t50b firmware
- canonical/zyxel vmg4005-b60a
- canonical/zyxel vmg4005-b50a firmware
- canonical/zyxel vmg3927-t50k
- canonical/zyxel vmg3927-t50k firmware
- canonical/zyxel vmg3625-t50b firmware
- canonical/zyxel emg5723-t50k
- canonical/zyxel emg5723-t50k firmware
- canonical/zyxel emg5523-t50b
- canonical/zyxel emg5523-t50b firmware
- canonical/zyxel emg3525-t50b firmware
- canonical/zyxel ex7710-b0
- canonical/zyxel ex7501-b0
- canonical/zyxel ex7501-b0 firmware
- canonical/zyxel ex5601-t1 firmware
- canonical/zyxel ex5601-t0 firmware
- canonical/zyxel ex5601-t0
- canonical/zyxel ex5512-t0
- canonical/zyxel ex5512-t0 firmware
- canonical/zyxel ex5510
- canonical/zyxel ex5510-b0 firmware
- canonical/zyxel ex5401-b1 firmware
- canonical/zyxel ex5401-b0
- canonical/zyxel ex3600-t0 firmware
- canonical/zyxel ex3510 firmware
- canonical/zyxel ex3510-b1 firmware
- canonical/zyxel ex3510-b0 firmware
- canonical/zyxel ex3501-t0
- canonical/zyxel ex3500-t0
- canonical/zyxel ex3301-t0
- canonical/zyxel ex3300-t1
- canonical/zyxel ex3300-t0 firmware
- canonical/zyxel dx5401-b1 firmware
- canonical/zyxel dx5401-b0
- canonical/zyxel dx5401-b0 firmware
- canonical/zyxel dx4510
- canonical/zyxel dx4510-b1 firmware
- canonical/zyxel dx4510-b0
- canonical/zyxel dx4510-b0 firmware
- canonical/zyxel dx3300-t0
- canonical/zyxel dx3301-t0 firmware
- canonical/zyxel dx3300-t1
- canonical/dx3300 dx3300-t1 firmware