CVE-2024-8748 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Zyxel	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Vendor	Product	Version
zyxel	lte3301-plus_firmware	𝑥 < 1.00\(abqu.6\)c0
zyxel	lte5388-m804_firmware	𝑥 < 1.00\(absq.5\)c0
zyxel	lte5398-m904_firmware	𝑥 < 1.00\(abq.5\)c0
zyxel	lte7480-m804_firmware	𝑥 < 1.00\(abra.10\)c0
zyxel	lte7490-m904_firmware	𝑥 < 1.00\(abqy.9\)c0
zyxel	nr7101_firmware	𝑥 < 1.00\(abu.11\)c0
zyxel	nr7102_firmware	𝑥 < 1.00\(abyd.4\)c0
zyxel	nebula_nr5101_firmware	𝑥 < 1.16\(accg.1\)c0
zyxel	nebula_nr7101_firmware	𝑥 < 1.16\(accc.1\)c0
zyxel	nebula_lte3301-plus_firmware	𝑥 < 1.18\(acca.5\)c0
zyxel	dx3300-t0_firmware	𝑥 < 5.50\(aby.5.4\)c0
zyxel	dx3300-t1_firmware	𝑥 < 5.50\(aby.5.4\)c0
zyxel	dx3301-t0_firmware	𝑥 < 5.50\(aby.5.4\)c0
zyxel	dx4510-b0_firmware	𝑥 < 5.17\(abyl.8\)c0
zyxel	dx4510-b1_firmware	𝑥 < 5.17\(abyl.8\)c0
zyxel	dx5401-b0_firmware	𝑥 < 5.17\(abyo.6.4\)c0
zyxel	dx5401-b1_firmware	𝑥 < 5.17\(abyo.6.4\)c0
zyxel	ee6510-10_firmware	𝑥 < 5.19\(acjq.1\)c0
zyxel	ex2210-t0_firmware	𝑥 < 5.50\(acdi.2\)c0
zyxel	ex3300-t0_firmware	𝑥 < 5.50\(aby.5.4\)c0
zyxel	ex3300-t1_firmware	𝑥 < 5.50\(aby.5.4\)c0
zyxel	ex3301-t0_firmware	𝑥 < 5.50\(aby.5.4\)c0
zyxel	ex3500-t0_firmware	𝑥 < 5.44\(achr.3\)c0
zyxel	ex3501-t0_firmware	𝑥 < 5.44\(achr.3\)c0
zyxel	ex3510-b0_firmware	𝑥 < 5.17\(abup.13\)c0
zyxel	ex3510-b1_firmware	𝑥 < 5.17\(abup.13\)c0
zyxel	ex3600-t0_firmware	𝑥 < 5.70\(acif.0.4\)c0
zyxel	ex5401-b0_firmware	𝑥 < 5.17\(abyo.6.4\)c0
zyxel	ex5401-b1_firmware	𝑥 < 5.17\(abyo.6.4\)c0
zyxel	ex5501-b0_firmware	𝑥 < 5.17\(abry.5.3\)c0
zyxel	ex5510-b0_firmware	𝑥 < 5.17\(abqx.11\)c0
zyxel	ex5512-t0_firmware	𝑥 < 5.70\(aceg4.2\)c0
zyxel	ex5600-t1_firmware	𝑥 < 5.70\(acdz.3.4\)c0
zyxel	ex5601-t0_firmware	𝑥 < 5.70\(acdz.3.4\)c0
zyxel	ex5601-t1_firmware	𝑥 < 5.70\(acdz.3.4\)c0
zyxel	ex7501-b0_firmware	𝑥 < 5.18\(achn.1.3\)c0
zyxel	ex7710-b0_firmware	𝑥 < 5.18\(acak.1.1\)c0
zyxel	emg3525-t50b_firmware	𝑥 < 5.50\(abpm.9.3\)c0
zyxel	emg5523-t50b_firmware	𝑥 < 5.50\(abpm.9.3\)c0
zyxel	emg5723-t50k_firmware	𝑥 < 5.50\(abom.8.5\)c0
zyxel	emg6726-b10a_firmware	𝑥 < 5.13\(abnp.8\)c1
zyxel	vmg3625-t50b_firmware	𝑥 < 5.50\(abpm.9.3\)c0
zyxel	vmg3927-b50b_firmware	𝑥 < 5.13\(ably.9\)c1
zyxel	vmg3927-t50k_firmware	𝑥 < 5.50\(abom.8.5\)c0
zyxel	vmg4005-b50a_firmware	𝑥 < 5.15\(abqa.2.3\)c0
zyxel	vmg4005-b60a_firmware	𝑥 < 5.15\(abqa.2.3\)c0
zyxel	vmg4005-b50b_firmware	𝑥 < 5.13\(abrl.5.2\)c0
zyxel	vmg4927-b50a_firmware	𝑥 < 5.13\(ably.9\)c1
zyxel	vmg8623-t50b_firmware	𝑥 < 5.50\(abpm.9.3\)c0
zyxel	vmg8825-t50k_firmware	𝑥 < 5.50\(abom.8.5\)c0
zyxel	vmg8825-t50k_firmware	𝑥 < 5.50\(abpy.1\)b26
zyxel	ax7501-b0_firmware	𝑥 < 5.17\(abpc.5.3\)c0
zyxel	ax7501-b1_firmware	𝑥 < 5.17\(abpc.5.3\)c0
zyxel	pm3100-t0_firmware	𝑥 < 5.42\(acbf.3\)c0
zyxel	pm5100-t0_firmware	𝑥 < 5.42\(acbf.3\)c0
zyxel	pm7300-t0_firmware	𝑥 < 5.42\(abyy.2.3\)c0
zyxel	pm7500-t0_firmware	𝑥 < 5.61\(ackk.0.1\)c0
zyxel	px3321-t1_firmware	𝑥 < 5.44\(acjb.1.1\)c0
zyxel	px3321-t1_firmware	𝑥 < 5.44\(achk.0.3\)c0
zyxel	px5301-t0_firmware	𝑥 < 5.44\(ackb.0.1\)c0
zyxel	wx3100-t0_firmware	𝑥 < 5.50\(abl.4.4\)c0
zyxel	wx3401-b0_firmware	𝑥 < 5.17\(abe.2.6\)c0
zyxel	wx3401-b1_firmware	𝑥 < 5.17\(abe.2.6\)c0
zyxel	wx5600-t0_firmware	𝑥 < 5.70\(aceb.3.3\)c0
zyxel	wx5610-b0_firmware	𝑥 < 5.18\(acgj0.1\)c0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024