CVE-2024-9197: Buffer Overflow
First published: Tue Dec 03 2024(Updated: )
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel VMG3625-T50B firmware | <=V5.50(ABPM.9.2)C0 | |
| All of | ||
| Zyxel Dx3300-t0 | <5.50\(aby.5.4\)c0 | |
| Zyxel Dx3301-t0 Firmware | ||
| All of | ||
| Zyxel Dx3300-t1 | <5.50\(aby.5.4\)c0 | |
| Zyxel Dx3300-t1 Firmware | ||
| All of | ||
| Zyxel Dx3301-t0 Firmware | <5.50\(aby.5.4\)c0 | |
| Zyxel Dx3301-t0 Firmware | ||
| All of | ||
| Zyxel Dx4510-b0 | <5.17\(abyl.8\)c0 | |
| Zyxel Dx4510-b0 Firmware | ||
| All of | ||
| Zyxel Dx4510-b1 | <5.17\(abyl.8\)c0 | |
| Zyxel Dx4510-b1 Firmware | ||
| All of | ||
| Zyxel DX5401-B0 | <5.17\(abyo.6.4\)c0 | |
| Zyxel DX5401-B0 firmware | ||
| All of | ||
| Zyxel DX5401-B1 | <5.17\(abyo.6.4\)c0 | |
| Zyxel Dx5401-b1 Firmware | ||
| All of | ||
| Zyxel Ee6510-10 | <5.19\(acjq.1\)c0 | |
| Zyxel EE6510-10 | ||
| All of | ||
| Zyxel Ex3300-T0 Firmware | <5.50\(aby.5.4\)c0 | |
| Zyxel Ex3300-T0 Firmware | ||
| All of | ||
| Zyxel Ex3300-T1 | <5.50\(aby.5.4\)c0 | |
| Zyxel Ex3300-T1 | ||
| All of | ||
| Zyxel Ex3301-T0 | <5.50\(aby.5.4\)c0 | |
| Zyxel Ex3301-T0 | ||
| All of | ||
| Zyxel EX3500-T0 | <5.44\(achr.3\)c0 | |
| Zyxel EX3500-T0 | ||
| All of | ||
| Zyxel EX3501-T0 | <5.44\(achr.3\)c0 | |
| Zyxel EX3501-T0 | ||
| All of | ||
| Zyxel Ex3510-b0 | <5.17\(abup.13\)c0 | |
| Zyxel Ex3510-b0 Firmware | ||
| All of | ||
| Zyxel Ex3510-b1 Firmware | <5.17\(abup.13\)c0 | |
| Zyxel EX3510-B1 | ||
| All of | ||
| Zyxel Ex5401-b0 | <5.17\(abyo.6.4\)c0 | |
| Zyxel Ex5401-b0 Firmware | ||
| All of | ||
| Zyxel Ex5401-B1 | <5.17\(abyo.6.4\)c0 | |
| Zyxel Ex5401-b1 Firmware | ||
| All of | ||
| Zyxel Ex5501-b0 | <5.17\(abry.5.3\)c0 | |
| Zyxel Ex5501-b0 Firmware | ||
| All of | ||
| Zyxel EX5510 | <5.17\(abqx.11\)c0 | |
| Zyxel EX5510-B0 Firmware | ||
| All of | ||
| Zyxel Ex5600-t1 Firmware | <5.70\(acdz.3.4\)c0 | |
| Zyxel EX5600-T1 | ||
| All of | ||
| Zyxel Ex5601-t0 | <5.70\(acdz.3.4\)c0 | |
| Zyxel Ex5601-t0 Firmware | ||
| All of | ||
| Zyxel EX5601-T1 | <5.70\(acdz.3.4\)c0 | |
| Zyxel Ex5601-t1 Firmware | ||
| All of | ||
| Zyxel Ex7501-b0 | <5.18\(achn.1.3\)c0 | |
| Zyxel Ex7501-b0 Firmware | ||
| All of | ||
| Zyxel EMG3525-T50B Firmware | <5.50\(abpm.9.3\)c0 | |
| Zyxel EMG3525-T50B Firmware | ||
| All of | ||
| Zyxel EMG5523-T50B | <5.50\(abpm.9.3\)c0 | |
| Zyxel EMG5523-T50B Firmware | ||
| All of | ||
| Zyxel EMG5723-T50K Firmware | <5.50\(abom.8.5\)c0 | |
| Zyxel EMG5723-T50K | ||
| All of | ||
| VMG VMG3625-T50B firmware | <5.50\(abpm.9.3\)c0 | |
| Zyxel VMG3625-T50B firmware | ||
| All of | ||
| Zyxel VMG3927-T50K | <5.50\(abom.8.5\)c0 | |
| Zyxel VMG3927-T50K Firmware | ||
| All of | ||
| Zyxel VMG8623-T50B | <5.50\(abpm.9.3\)c0 | |
| Zyxel VMG8623-T50B Firmware | ||
| All of | ||
| Zyxel VMG8825-T50K | <5.50\(abom.8.5\)c0 | |
| Zyxel VMG8825-T50K firmware | ||
| All of | ||
| Zyxel AX7501-B0 | <5.17\(abpc.5.3\)c0 | |
| Zyxel AX7501-B0 firmware | ||
| All of | ||
| Zyxel Ax7501-b1 | <5.17\(abpc.5.3\)c0 | |
| Zyxel Ax7501-b1 Firmware | ||
| All of | ||
| Zyxel Ex3600-t0 Firmware | <5.70\(acif.0.4\)c0 | |
| Zyxel Ex3600-t0 Firmware | ||
| All of | ||
| Zyxel Px3321-t1 | <5.44\(acjb.1.1\)c0 | |
| Zyxel Px3321-t1 Firmware | ||
| All of | ||
| Zyxel Px3321-t1 | <5.44\(achk.0.3\)c0 | |
| Zyxel Px3321-t1 Firmware | ||
| All of | ||
| Zyxel Px5301-t0 | <5.44\(ackb.0.1\)c0 | |
| Zyxel Px5301-t0 Firmware | ||
| All of | ||
| Zyxel Wx5600-t0 Firmware | <5.70\(aceb.3.3\)c0 | |
| Zyxel Wx5600-t0 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-9197?
CVE-2024-9197 is categorized as a high severity vulnerability due to the potential for temporary denial of service by authenticated attackers.
How do I fix CVE-2024-9197?
To mitigate CVE-2024-9197, upgrade the firmware of affected Zyxel devices to the latest version beyond V5.50(ABPM.9.3)C0.
What devices are affected by CVE-2024-9197?
CVE-2024-9197 affects Zyxel VMG3625-T50B and several other Zyxel firmware models up to specific versions indicated in the advisory.
How does CVE-2024-9197 affect my device?
CVE-2024-9197 allows authenticated attackers with administrator privileges to exploit a buffer overflow condition, potentially causing a denial of service.
Can CVE-2024-9197 be exploited remotely?
CVE-2024-9197 requires authentication, meaning an attacker must already have administrator access to exploit the vulnerability.
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/source
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/zyxel
- canonical/zyxel vmg3625-t50b firmware
- canonical/zyxel dx3300-t0
- canonical/zyxel dx3301-t0 firmware
- canonical/zyxel dx3300-t1
- canonical/zyxel dx3300-t1 firmware
- canonical/zyxel dx4510-b0
- canonical/zyxel dx4510-b0 firmware
- canonical/zyxel dx4510-b1
- canonical/zyxel dx4510-b1 firmware
- canonical/zyxel dx5401-b0
- canonical/zyxel dx5401-b0 firmware
- canonical/zyxel dx5401-b1
- canonical/zyxel dx5401-b1 firmware
- canonical/zyxel ee6510-10
- canonical/zyxel ex3300-t0 firmware
- canonical/zyxel ex3300-t1
- canonical/zyxel ex3301-t0
- canonical/zyxel ex3500-t0
- canonical/zyxel ex3501-t0
- canonical/zyxel ex3510-b0
- canonical/zyxel ex3510-b0 firmware
- canonical/zyxel ex3510-b1 firmware
- canonical/zyxel ex3510-b1
- canonical/zyxel ex5401-b0
- canonical/zyxel ex5401-b0 firmware
- canonical/zyxel ex5401-b1
- canonical/zyxel ex5401-b1 firmware
- canonical/zyxel ex5501-b0
- canonical/zyxel ex5501-b0 firmware
- canonical/zyxel ex5510
- canonical/zyxel ex5510-b0 firmware
- canonical/zyxel ex5600-t1 firmware
- canonical/zyxel ex5600-t1
- canonical/zyxel ex5601-t0
- canonical/zyxel ex5601-t0 firmware
- canonical/zyxel ex5601-t1
- canonical/zyxel ex5601-t1 firmware
- canonical/zyxel ex7501-b0
- canonical/zyxel ex7501-b0 firmware
- canonical/zyxel emg3525-t50b firmware
- canonical/zyxel emg5523-t50b
- canonical/zyxel emg5523-t50b firmware
- canonical/zyxel emg5723-t50k firmware
- canonical/zyxel emg5723-t50k
- canonical/vmg vmg3625-t50b firmware
- canonical/zyxel vmg3927-t50k
- canonical/zyxel vmg3927-t50k firmware
- canonical/zyxel vmg8623-t50b
- canonical/zyxel vmg8623-t50b firmware
- canonical/zyxel vmg8825-t50k
- canonical/zyxel vmg8825-t50k firmware
- canonical/zyxel ax7501-b0
- canonical/zyxel ax7501-b0 firmware
- canonical/zyxel ax7501-b1
- canonical/zyxel ax7501-b1 firmware
- canonical/zyxel ex3600-t0 firmware
- canonical/zyxel px3321-t1
- canonical/zyxel px3321-t1 firmware
- canonical/zyxel px5301-t0
- canonical/zyxel px5301-t0 firmware
- canonical/zyxel wx5600-t0 firmware