Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-34140

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-17 Jul, 2023 | 17:49
Updated At-21 Oct, 2024 | 19:42
Rejected At-
Credits

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:17 Jul, 2023 | 17:49
Updated At:21 Oct, 2024 | 19:42
Rejected At:
▼CVE Numbering Authority (CNA)

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
ATP series firmware
Default Status
unaffected
Versions
Affected
  • 4.32 through 5.36 Patch 2
Vendor
Zyxel Networks CorporationZyxel
Product
USG FLEX series firmware
Default Status
unaffected
Versions
Affected
  • 4.50 through 5.36 Patch 2
Vendor
Zyxel Networks CorporationZyxel
Product
USG FLEX 50(W) series firmware
Default Status
unaffected
Versions
Affected
  • 4.16 through 5.36 Patch 2
Vendor
Zyxel Networks CorporationZyxel
Product
USG20(W)-VPN series firmware
Default Status
unaffected
Versions
Affected
  • 4.16 through 5.36 Patch 2
Vendor
Zyxel Networks CorporationZyxel
Product
VPN series firmware
Default Status
unaffected
Versions
Affected
  • 4.30 through 5.36 Patch 2
Vendor
Zyxel Networks CorporationZyxel
Product
NXC2500 firmware
Default Status
unaffected
Versions
Affected
  • 6.10(AAIG.0) through 6.10(AAIG.3)
Vendor
Zyxel Networks CorporationZyxel
Product
NXC5500 firmware
Default Status
unaffected
Versions
Affected
  • 6.10(AAOS.0) through 6.10(AAOS.4)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers
vendor-advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers
vendor-advisory
x_transferred
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:17 Jul, 2023 | 18:15
Updated At:26 Jul, 2023 | 21:29

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Zyxel Networks Corporation
zyxel
>>usg_20w-vpn_firmware>>Versions from 4.16(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_20w-vpn>>-
cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_2200-vpn_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_2200-vpn>>-
cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_100_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_100>>-
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_100w_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_100w>>-
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_200_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_200>>-
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_50_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_50>>-
cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_500_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_500>>-
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_50w_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_50w>>-
cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_700_firmware>>Versions from 4.50(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>usg_flex_700>>-
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp100_firmware>>Versions from 4.32(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp100>>-
cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp100w_firmware>>Versions from 4.32(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp100w>>-
cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp200_firmware>>Versions from 4.32(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp200>>-
cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp500_firmware>>Versions from 4.32(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp500>>-
cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp700_firmware>>Versions from 4.32(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp700>>-
cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp800_firmware>>Versions from 4.32(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_atp800>>-
cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn100_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn100>>-
cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn2s_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn2s>>-
cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn300_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn300>>-
cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn50_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn50>>-
cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn_100_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn_100>>-
cpe:2.3:h:zyxel:zywall_vpn_100:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn_300_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn_300>>-
cpe:2.3:h:zyxel:zywall_vpn_300:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn_50_firmware>>Versions from 4.30(inclusive) to 5.37(exclusive)
cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>zywall_vpn_50>>-
cpe:2.3:h:zyxel:zywall_vpn_50:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>nxc2500_firmware>>Versions from 6.10\(aaig.0\)(inclusive) to 6.10\(aaig.3\)(inclusive)
cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>nxc2500>>-
cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>nxc5500_firmware>>Versions from 6.10\(aaos.0\)(inclusive) to 6.10\(aaos.4\)(inclusive)
cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>nxc5500>>-
cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE-120Secondarysecurity@zyxel.com.tw
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: security@zyxel.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllerssecurity@zyxel.com.tw
Vendor Advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers
Source: security@zyxel.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

71Records found
CVE-2023-6397
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.48%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 01:19
Updated-21 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-atp800atp100wusg_flex_100axusg_flex_700_firmwareatp200atp700usg_flex_200h_firmwareatp100atp100_firmwareusg_flex_100ax_firmwareusg_flex_100_firmwareusg_flex_500h_firmwareatp500_firmwareusg_flex_500husg_flex_100husg_flex_100w_firmwareusg_flex_200husg_flex_50w_firmwareusg_flex_500_firmwareusg_flex_100h_firmwareusg_flex_200hpatp500usg_flex_200usg_flex_50_firmwareusg_flex_50usg_flex_700h_firmwareusg_flex_700usg_flex_700husg_flex_50wusg_flex_100watp100w_firmwareusg_flex_500atp800_firmwareusg_flex_100atp200_firmwareatp700_firmwareusg_flex_200_firmwareusg_flex_200hp_firmwareATP series firmwareUSG FLEX series firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28768
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 16:10
Updated-01 Oct, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-xgs2220-54hp_firmwarexs1930-10xgs2220-54xgs2220-30hp_firmwarexgs2220-54_firmwarexgs2220-54hpxgs2220-30_firmwarexgs2220-30hpxs1930-12hp_firmwarexmg1930-30_firmwarexs1930-12f_firmwarexgs2220-30f_firmwarexmg1930-30hpxgs2220-54fp_firmwarexgs2220-30fxs1930-10_firmwarexmg1930-30xgs2220-30xgs2220-54fpxmg1930-30hp_firmwarexs1930-12fxs1930-12hpXGS2220-30 firmwareXMG1930-30 firmwareXS1930-10 firmware
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-5412
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.65%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:18
Updated-06 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex5601-t1_firmwaredx3301-t0vmg4005-b50anebula_fwa505dx4510-b0ex5512-t0_firmwarevmg3927-t50kpm5100-t0_firmwareex5401-b1_firmwarenr7303nr7501_firmwarevmg8825-t50kax7501-b1nr5307ex5601-t1nebula_fwa710ex3510-b0ax7501-b0dx5401-b0nr5103ev2_firmwareex3300-t0_firmwarevmg8623-t50bnr7303_firmwareemg3525-t50bex3501-t0nebula_fwa510vmg8825-t50k_firmwarepm7300-t0_firmwareex3501-t0_firmwareemg5723-t50kdx3301-t0_firmwareex5510-b0_firmwareex3500-t0_firmwarenr7302_firmwareex5401-b1dx5401-b1ex5401-b0_firmwarewx3401-b0_firmwarenr5103_firmwarenebula_fwa505_firmwareex3300-t1_firmwareex5512-t0ex3300-t0dx3300-t0ex7710-b0nr5103wx3100-t0_firmwarenr5103ev2pm3100-t0_firmwareemg5523-t50bvmg8623-t50b_firmwarepx3321-t1vmg4005-b60awx3100-t0ex7501-b0_firmwarenr7302dx3300-t1_firmwarescr50axe_firmwarepx3321-t1_firmwaredx5401-b1_firmwarenebula_lte3301-plus_firmwareex3500-t0ex5510-b0vmg4005-b60a_firmwarevmg4005-b50a_firmwareex5601-t0_firmwaredx5401-b0_firmwareax7501-b1_firmwareex5401-b0ex3301-t0ex7710-b0_firmwarenr7501nebula_lte3301-plusnr7103_firmwareex3510-b0_firmwarewx3401-b0pm5100-t0scr50axenebula_fwa510_firmwareax7501-b0_firmwaredx3300-t1vmg3927-t50k_firmwareemg5723-t50k_firmwarenr5307_firmwaredx3300-t0_firmwarepm3100-t0nr7103nebula_fwa710_firmwareex5601-t0ex3300-t1dx4510-b0_firmwarewx5600-t0emg5523-t50b_firmwarepm7300-t0vmg3625-t50bex3301-t0_firmwarevmg3625-t50b_firmwareemg3525-t50b_firmwareex7501-b0wx5600-t0_firmwareVMG8825-T50K firmwarevmg8825-t50k_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22917
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 78.42%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vpn100atp100_firmwareatp100atp800_firmwareusg_flex_200usg_flex_500_firmwareusg_flex_100w_firmwareusg_flex_100vpn300_firmwareatp100w_firmwareatp100wusg_flex_200_firmwarevpn50_firmwareatp200atp700usg_flex_700vpn100_firmwarevpn300usg_flex_100wusg_flex_50w_firmwareusg_20w-vpnatp700_firmwareusg_20w-vpn_firmwareatp500_firmwareatp800vpn1000_firmwarevpn50usg_flex_100_firmwareusg_flex_50wusg_flex_50_firmwareatp500usg_flex_700_firmwarevpn1000usg_flex_500usg_flex_50atp200_firmwareVPN series firmwareATP series firmwareUSG FLEX 50(W) firmwareUSG20(W)-VPN firmwareUSG FLEX series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22924
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.52% / 66.36%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg-418n_firmwarenbg-418nNBG-418N v2 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22915
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-1.25% / 78.95%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_50w_firmwarevpn100usg_20w-vpnusg_20w-vpn_firmwareusg_flex_500usg_flex_200usg_flex_500_firmwarevpn1000_firmwareusg_flex_100w_firmwareusg_flex_100vpn50usg_flex_100_firmwareusg_flex_200_firmwareusg_flex_50wvpn50_firmwareusg_flex_50_firmwareusg_flex_700_firmwareusg_flex_700vpn100_firmwarevpn1000vpn300usg_flex_100wvpn300_firmwareusg_flex_50USG FLEX 50(W) firmwareUSG20(W)-VPN firmwareUSG FLEX series firmwareVPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22922
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg-418n_firmwarenbg-418nNBG-418N v2 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8748
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.97%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:15
Updated-21 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwarenr7101pm7300-t0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1lte7480-m804lte5398-m904dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex5512-t0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwarevmg4005-b50bnebula_nr5101pm3100-t0ex5600-t1lte7490-m904ex3300-t0dx5401-b1_firmwarewx3100-t0emg5723-t50kpm5100-t0_firmwarewx5610-b0ee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwarewx3401-b0_firmwareex5601-t0_firmwareex7710-b0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1pm7500-t0vmg3927-b50bdx4510-b1vmg4927-b50a_firmwarelte3301-plusvmg3927-b50b_firmwarenebula_nr5101_firmwarewx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1vmg4005-b50a_firmwarevmg4005-b60a_firmwarevmg4005-b50avmg4005-b50b_firmwarepx5301-t0_firmwarelte5398-m904_firmwarewx3401-b0ex3510-b1ex5600-t1_firmwaredx4510-b0nebula_lte3301-plusdx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0nr7101_firmwareex5601-t1dx3300-t0ex5401-b0_firmwarepm3100-t0_firmwarevmg4927-b50apx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0wx3401-b1vmg3927-t50k_firmwareex5401-b1ex2210-t0_firmwareex2210-t0lte5388-m804vmg4005-b60apm5100-t0lte7480-m804_firmwarenebula_nr7101_firmwareex7501-b0_firmwarewx3100-t0_firmwareemg3525-t50b_firmwarelte7490-m904_firmwarepm7300-t0vmg3625-t50bnebula_nr7101vmg8623-t50b_firmwareemg5723-t50k_firmwarenr7102ex3600-t0nr7102_firmwareex5501-b0ax7501-b0_firmwaredx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0nebula_lte3301-plus_firmwarelte3301-plus_firmwareex3510-b1_firmwaredx5401-b0ex5512-t0_firmwareemg6726-b10a_firmwareex7710-b0emg6726-b10avmg3927-t50kex3501-t0pm7500-t0_firmwarewx5610-b0_firmwarevmg3625-t50b_firmwarewx3401-b1_firmwarelte5388-m804_firmwareVMG8825-T50K firmwarewx3401-b1_firmwarepm7500-t0_firmwaredx3300-t1_firmwaredx4510-b1_firmwarepm5100-t0_firmwarepx3321-t1_firmwareex2210-t0_firmwarelte5388-m804_firmwarenebula_lte3301-plus_firmwaredx5401_b1_firmwarelte5398-m904_firmwaredx5401-b0_firmwarepx5301-t0_firmwareax7501-b1_firmwarenr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareax7501-b0_firmwaredx3300-t0_firmwarenr7101_firmwareee6510-10_firmwaredx3301-t0_firmwaredx4510-b0_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarenebula_nr7101_firmwarelte7490-m904_firmwarelte3301-plus_firmwarewx3401-b0_firmwarewx3100-t0_firmwarewx5610-b0_firmwarepm3100-t0_firmwarewx5600-t0_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8882
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.10% / 26.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 01:23
Updated-14 Nov, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-16_firmwaregs1900-10hp_firmwaregs1900-16GS1900-48 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-9197
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.39% / 59.24%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:24
Updated-21 Jan, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwareex5600-t1ex3300-t0dx5401-b1_firmwareemg5723-t50kee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwareex5601-t0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1dx4510-b1wx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1px5301-t0_firmwareex3510-b1ex5600-t1_firmwaredx4510-b0dx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0ex5601-t1dx3300-t0ex5401-b0_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0vmg3927-t50k_firmwareex5401-b1ex7501-b0_firmwareemg3525-t50b_firmwarevmg3625-t50bax7501-b0_firmwarevmg8623-t50b_firmwareemg5723-t50k_firmwareex5501-b0ex3600-t0dx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0ex3510-b1_firmwaredx5401-b0vmg3927-t50kex3501-t0vmg3625-t50b_firmwareVMG3625-T50B firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43389
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.6||HIGH
EPSS-1.31% / 79.47%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3202-m437pmg5317-t20bpm7320-b0_firmwarepm7320-b0nebula_fwa710nr7102nr5103e_firmwarenebula_nr7101pmg5617ganr7103_firmwarenebula_fwa510nr7102_firmwarenr7101nebula_fwa510_firmwareep240p_firmwarenr7101_firmwarelte7490-m904nr7103nebula_fwa710_firmwarelte3316-m604_firmwarepmg5622galte7480-m804_firmwarenr5103enebula_nr7101_firmwarepmg5317-t20b_firmwarelte7490-m904_firmwarepmg5622ga_firmwarelte3316-m604nr5103_firmwarelte3202-m437_firmwarenr5103pmg5617ga_firmwarelte7480-m804ep240pNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43391
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.42% / 80.25%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-15 Oct, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex5601-t1_firmwaredx3301-t0vmg4005-b50anebula_lte7461-m602ex5512-t0_firmwarepm5100-t0_firmwarevmg3927-t50klte5388-m804_firmwarepm7320-b0vmg8825-t50klte5398-m904dx5401-b0ex5601-t1ex3510-b0ax7501-b0lte5398-m904_firmwarelte7240-m403nebula_nr5101vmg8623-t50blte7461-m602emg3525-t50bnr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50klte3301-plusdx3301-t0_firmwarepmg5622gaex5510-b0_firmwarelte7480-s905nebula_nr7101_firmwarepmg5317-t20b_firmwarepmg5617-t20b2lte7490-m904_firmwarenebula_lte7461-m602_firmwarepmg5622ga_firmwareex5401-b0_firmwarewx3401-b0_firmwarelte7480-s905_firmwareex5512-t0lte7485-s905ex5600-t1dx4510-b1pm3100-t0_firmwarewx3100-t0_firmwareemg5523-t50bvmg8623-t50b_firmwarevmg4005-b60awx3100-t0pmg5317-t20blte7485-s905_firmwareex5501-b0dx4510-b1_firmwarepm7320-b0_firmwarelte7240-m403_firmwarenebula_lte3301-plus_firmwareex5510-b0pmg5617-t20b2_firmwarevmg4005-b60a_firmwarenr7102ex5601-t0_firmwarevmg4005-b50a_firmwareex5501-b0_firmwaredx5401-b0_firmwareex3301-t0ex5401-b0nebula_nr7101lte7461-m602_firmwarenr5101_firmwarepmg5617ganebula_lte3301-plusex3510-b0_firmwarewx3401-b0pm5100-t0nr7101lte5388-m804ax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwarepm3100-t0nr7101_firmwarelte7490-m904ex5601-t0ex5600-t1_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarelte3301-plus_firmwarewx5600-t0emg5523-t50b_firmwarenr5101pm7300-t0ex3301-t0_firmwarepmg5617ga_firmwarelte7480-m804emg3525-t50b_firmwarewx5600-t0_firmwareNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7673
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.67%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 07:11
Updated-14 Jan, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg1312-t20bemg5723-t50k_firmwarevmg3927-t50kvmg8825-b50avmg8924-b10d_firmwarexmg8825-b50avmg8825-t50k_firmwarevmg3925-b10bemg5523-t50bxmg8825-b50a_firmwarevmg4005-b50b_firmwarevmg3927-t50k_firmwarevmg3927-b50bvmg8825-b60aemg3525-t50b_firmwareemg6726-b10avmg8825-b60a_firmwarevmg3625-t50b_firmwarevmg8825-t50kvmg3927-b50avmg4927-b50avmg3927-b60a_firmwareex5510-b0vmg3925-b10b_firmwarevmg8825-bx0b_firmwarevmg3925-b10cxmg3927-b50a_firmwarevmg4927-b50a_firmwarevmg3927-b50b_firmwarevmg3625-t50bex3510-b0vmg1312-t20b_firmwareemg5523-t50b_firmwareex3510-b0_firmwarevmg8623-t50b_firmwarevmg8924-b10demg3525-t50bemg5723-t50kvmg8623-t50bvmg3927-b50a_firmwarevmg8825-bx0bvmg8825-b50a_firmwarevmg3925-b10c_firmwareemg6726-b10a_firmwareex5510-b0_firmwarevmg3927-b60axmg3927-b50avmg4005-b50bVMG8825-T50K firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26414
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.23%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 12:05
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg8825-b60apx7501-b0vmg3927-t50kvmg3927-b50bvmg3927-b60a_firmwarevmg8825-t50kdx5401-b0ax7501-b0ex3510-b0vmg3927-b50a_firmwarevmg8623-t50bvmg4927-b50aemg3525-t50bvmg1312-t20bvmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50kvmg3312-t20a_firmwareemg6726-b10avmg4927-b50a_firmwarexmg8825-b50apmg5622gapmg5317-t20b_firmwarepmg5617-t20b2vmg3927-b50apmg5622ga_firmwareex5401-b0_firmwarevmg8825-b60a_firmwarexmg3927-b50a_firmwareemg5523-t50bvmg8623-t50b_firmwarepmg5317-t20bex5501-b0vmg8825-b60bvmg8825-b50b_firmwarepmg5617-t20b2_firmwarepx7501-b0_firmwaredx5401-b0_firmwareex5501-b0_firmwareex5401-b0xmg3927-b50avmg1312-t20b_firmwarepmg5617gavmg8825-b50a_firmwareex3510-b0_firmwarevmg3312-t20axmg8825-b50a_firmwareax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwareep240p_firmwarevmg8825-b50bvmg8825-b50avmg3927-b60aemg5523-t50b_firmwarevmg8825-b60b_firmwarepm7300-t0vmg3625-t50bpmg5617ga_firmwarevmg3625-t50b_firmwareemg6726-b10a_firmwareemg3525-t50b_firmwarevmg3927-b50b_firmwareep240pVMG3312-T20A firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43314
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.11%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-pmg2005-t20b_firmwarepmg2005-t20bPMG2005-T20B
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6343
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 40.06%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:28
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0816
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 01:29
Updated-22 Jan, 2025 | 22:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602_firmwarelte5388-m804_firmwareex3510_firmwarelte5398-m904ex5600-t1_firmwareex3501-t0vmg4005-b60alte5388-m804lte7480-m804_firmwaredx4510_firmwarenr5103edx4510dx5401-b0_firmwarevmg8623-t50b_firmwareex3320-t0pm7300-t0lte7490-m904_firmwarenr7303_firmwarenebula_fwa510nr7501_firmwarevmg4005-b60a_firmwarepx3321-t1_firmwarewx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50blte3301-plusex3320-t1_firmwarenebula_fwa710nr7101_firmwareex7710-b0_firmwarenr5307dx5401-b1ex7710-b0nr7302ax7501-b1nebula_lte3301-plusdx3300-t1_firmwarenebula_fwa505ex5600-t1wx5600-t0_firmwarenr7303ax7501-b0_firmwareex3510ex5601-t1_firmwarevmg8623-t50bnebula_nr7101_firmwarenr7103vmg3927-t50k_firmwarenebula_nr5101wx3100-t0nr5103ev2nebula_fwa710_firmwarenebula_nr5101_firmwarevmg4005-b50a_firmwarenebula_fwa510_firmwarenr5307_firmwareex3300-t1_firmwarepm5100-t0ex3500-t0_firmwarelte5398-m904_firmwaredx5401-b0nebula_lte3301-plus_firmwareex3501-t0_firmwarepx3321-t1ex5510vmg8825-t50kvmg3625-t50b_firmwarenr7302_firmwarenebula_fwa505_firmwarepm3100-t0wx3401-b0_firmwarewx5610-b0ex5401-b0lte7480-m804vmg3927-t50kex5401-b1_firmwarenbg7510_firmwarenr7501vmg4005-b50aex5601-t0_firmwareex5401-b0_firmwareex3301-t0nr7103_firmwareemg5723-t50kdx3300-t1ex3320-t1nr7102wx5610-b0_firmwarenebula_nr7101dx5401-b1_firmwareex5601-t1ex3320-t0_firmwarenr7102_firmwareex5512-t0_firmwarewx5600-t0wx3401-b0lte3202-m437ax7501-b1_firmwarenr5103ex3301-t0_firmwareemg5523-t50bemg5523-t50b_firmwareex5501-b0lte3301-plus_firmwarepm5100-t0_firmwarepm7300-t0_firmwareex3300-t1vmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5601-t0ex5510_firmwarepm3100-t0_firmwarenr5103_firmwarenr7101lte7490-m904emg3525-t50b_firmwarenebula_lte7461-m602dx3301-t0_firmwareax7501-b0ex5512-t0ex3500-t0lte3202-m437_firmwarenbg7510ex5501-b0_firmwarenr5103ev2_firmwarelte7240-m403lte7240-m403_firmwarenr5103e_firmwareDX3300-T1 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43392
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.73%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-27 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex5601-t1_firmwaredx3301-t0vmg4005-b50anebula_lte7461-m602ex5512-t0_firmwarepm5100-t0_firmwarevmg3927-t50klte5388-m804_firmwarepm7320-b0vmg8825-t50klte5398-m904dx5401-b0ex5601-t1ex3510-b0ax7501-b0lte5398-m904_firmwarelte7240-m403nebula_nr5101vmg8623-t50blte7461-m602emg3525-t50bnr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50klte3301-plusdx3301-t0_firmwarepmg5622gaex5510-b0_firmwarelte7480-s905nebula_nr7101_firmwarepmg5317-t20b_firmwarepmg5617-t20b2lte7490-m904_firmwarenebula_lte7461-m602_firmwarepmg5622ga_firmwareex5401-b0_firmwarewx3401-b0_firmwarelte7480-s905_firmwareex5512-t0lte7485-s905ex5600-t1dx4510-b1pm3100-t0_firmwarewx3100-t0_firmwareemg5523-t50bvmg8623-t50b_firmwarevmg4005-b60awx3100-t0pmg5317-t20blte7485-s905_firmwareex5501-b0dx4510-b1_firmwarepm7320-b0_firmwarelte7240-m403_firmwarenebula_lte3301-plus_firmwareex5510-b0pmg5617-t20b2_firmwarevmg4005-b60a_firmwarenr7102ex5601-t0_firmwarevmg4005-b50a_firmwareex5501-b0_firmwaredx5401-b0_firmwareex3301-t0ex5401-b0nebula_nr7101lte7461-m602_firmwarenr5101_firmwarepmg5617ganebula_lte3301-plusex3510-b0_firmwarewx3401-b0pm5100-t0nr7101lte5388-m804ax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwarepm3100-t0nr7101_firmwarelte7490-m904ex5601-t0ex5600-t1_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarelte3301-plus_firmwarewx5600-t0emg5523-t50b_firmwarenr5101pm7300-t0ex3301-t0_firmwarepmg5617ga_firmwarelte7480-m804emg3525-t50b_firmwarewx5600-t0_firmwareNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4397
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:42
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_700vpn50wusg_flex_100wusg_flex_500usg_flex_50ATP series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmware USG FLEX 50(W) series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37926
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.00%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:37
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37929
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 80.52%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 01:23
Updated-22 Jan, 2025 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3510_firmwarevmg8825-t50kvmg3625-t50b_firmwareex5600-t1_firmwareex3501-t0wx5610-b0ex5401-b0vmg3927-t50kex5401-b1_firmwaredx4510_firmwaredx4510dx5401-b0_firmwarevmg8623-t50b_firmwarenbg7510_firmwareex5601-t0_firmwareex5401-b0_firmwareex3301-t0emg5723-t50kdx3300-t1wx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50bwx5610-b0_firmwaredx5401-b1_firmwareex5601-t1ex5512-t0_firmwarewx5600-t0ex7710-b0_firmwareax7501-b1_firmwareex3301-t0_firmwareemg5523-t50bdx5401-b1emg5523-t50b_firmwareex5501-b0ex7710-b0ex3300-t1ax7501-b1dx3300-t1_firmwarevmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5600-t1wx5600-t0_firmwareex5601-t0ax7501-b0_firmwareex3510ex5601-t1_firmwarevmg8623-t50bex5510_firmwarevmg3927-t50k_firmwarewx3100-t0emg3525-t50b_firmwaredx3301-t0_firmwareax7501-b0nbg7510ex5512-t0ex3500-t0ex3300-t1_firmwareex5501-b0_firmwareex3500-t0_firmwaredx5401-b0ex3501-t0_firmwareex5510V5.50(ABPM.8)C0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33009
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.17% / 90.62%
||
7 Day CHG+0.01%
Published-24 May, 2023 | 00:00
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp500_firmwareatp100w_firmwareusg_flex_700_firmwareusg_40w_firmwareusg_40wusg_flex_50w_firmwareusg20-vpn_firmwareatp700_firmwarevpn100atp800usg_60w_firmwareusg_flex_200_firmwareusg_flex_100wusg_60wvpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_60_firmwareusg_20w-vpn_firmwareusg20-vpnusg_60usg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareusg_40_firmwareusg_40atp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wusg_20w-vpnatp500USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33010
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.85% / 90.35%
||
7 Day CHG+0.01%
Published-24 May, 2023 | 00:00
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp500_firmwareatp100w_firmwareusg_flex_700_firmwareusg_40w_firmwareusg_40wusg_flex_50w_firmwareusg20-vpn_firmwareatp700_firmwarevpn100atp800usg_60w_firmwareusg_flex_200_firmwareusg_flex_100wusg_60wvpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_60_firmwareusg_20w-vpn_firmwareusg20-vpnusg_60usg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareusg_40_firmwareusg_40atp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wusg_20w-vpnatp500USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28769
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.32% / 98.65%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx5401-b0_firmwaredx5401-b0DX5401-B0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-27989
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.57%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 11:02
Updated-08 Jan, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte7490-m904_firmwarenr7101_firmwarelte7490-m904nebula_nr7101lte7480-m804lte7480-m804_firmwarenebula_nr7101_firmwarenr7101NR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-24548
Matching Score-4
Assigner-Arista Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Arista Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.82%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 16:13
Updated-30 Sep, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

Action-Not Available
Vendor-Arista Networks, Inc.
Product-7280dr3am-367280dr3a-547280dr3-247800r3a-36pm7504r37800r3ak-36dm7812r37280dr3ak-367500r3-36cq7500r3-24d7500r3-24p7800r3k-48cq7800r3-48cq7800r3ak-36pm7280cr3a-727800r3k-72y7512r37800r3a-36dm7280cr3a-48d67280sr3-40yc67280dr3ak-547280cr3-967800r3a-36d7800r3a-36p7500r3k-48y4d7800r3k-48cqms7280r37800r3k-36dm7280tr3-40c67280dr3am-547500r3k-36cq7512r37280cr3-32d47280cr3-36s7508r37800r3-36p7808r37280cr3-32p47816r37280cr3a-24d127280pr3-24eos7280sr3-48yc87800r3-36d7280dr3a-36EOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-16336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 66.73%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 17:59
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

Action-Not Available
Vendor-cypressn/a
Product-cybl11573cyble-416045n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48289
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.10%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 00:00
Updated-04 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46215
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.13%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.

Action-Not Available
Vendor-n/amercury
Product-n/akm08-708h_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-44415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.05%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-n/adi-8200_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6350
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.40%
||
7 Day CHG-0.00%
Published-08 Jan, 2025 | 17:12
Updated-08 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EmberZNet malformed MAC layer packet leads to denial of service

A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically.

Action-Not Available
Vendor-silabs.com
Product-Simplicity SDK
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-17061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.53%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 20:17
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.

Action-Not Available
Vendor-cypressn/a
Product-psoc_4_blepsoc_4n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39538
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.31%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:14
Updated-22 Jan, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a  Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO,  * 22.4-EVO versions before 22.4R3-S2-EVO,  * 23.2-EVO versions before 23.2R2-EVO,  * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-acx7020acx7100acx7024acx7024xjunos_os_evolvedacx7300acx7509Junos OS Evolved
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39543
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.31%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:21
Updated-23 Jan, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects  Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO,  * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO,  * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1379
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:42
Updated-06 Jan, 2026 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8861_with_multiplatform_firmwareip_phone_7821ip_phone_7841_with_multiplatform_firmwareip_phone_8861_firmwareip_phone_7811_with_multiplatform_firmwarewireless_ip_phone_8821-ex_firmwareip_phone_7841ip_conference_phone_8832_with_multiplatform_firmwareip_phone_7821_firmwareip_phone_7861_with_multiplatform_firmwareip_phone_8845_with_multiplatform_firmwareip_phone_7841_firmwareip_conference_phone_7832_firmwareip_phone_8851_firmwareip_phone_7811_firmwareip_phone_8841_with_multiplatform_firmwareip_phone_8841ip_phone_8865_firmwareip_conference_phone_8832ip_phone_6871_with_multiplatform_firmwarewireless_ip_phone_8821-exip_conference_phone_8832_firmwareip_phone_8811_with_multiplatform_firmwareip_phone_8861ip_phone_7811spa525g_firmwareip_phone_7821_with_multiplatform_firmwarespa525gip_phone_8845ip_phone_7861ip_phone_6821ip_phone_7861_firmwareip_phone_6871ip_phone_8851ip_conference_phone_7832ip_phone_6841_with_multiplatform_firmwareip_phone_6821_with_multiplatform_firmwareip_phone_8841_firmwareip_phone_6861_with_multiplatform_firmwarewireless_ip_phone_8821_firmwareip_phone_8845_firmwareunified_ip_conference_phone_8831ip_conference_phone_7832_with_multiplatform_firmwareip_phone_8811ip_phone_8865wireless_ip_phone_8821ip_phone_8811_firmwareip_phone_8851_with_multiplatform_firmwareip_phone_6861unified_ip_conference_phone_8831_for_third-party_call_control_firmwareip_phone_6851_with_multiplatform_firmwareip_phone_6841ip_phone_8865_with_multiplatform_firmwareip_phone_6851unified_ip_conference_phone_8831_firmwareCisco IP Phones with Multiplatform FirmwareCisco Session Initiation Protocol (SIP) SoftwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.02%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-20 Aug, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in thegenerate_conf_router() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t400lbt-t300-t400_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-37607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 73.61%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 00:00
Updated-21 May, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-2555_firmwaredap-2555n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-9238
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.35%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:23
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-51409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.35% / 79.76%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 00:00
Updated-11 Apr, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-o3_firmwareo3n/ao3_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-50956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.66%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 00:00
Updated-25 Nov, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8065
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.54%
||
7 Day CHG~0.00%
Published-20 Dec, 2025 | 00:41
Updated-08 Jan, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow in ONVIF XML Parser on Tapo C200

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c200_firmwaretapo_c200Tapo C200 V3
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-67189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.62%
||
7 Day CHG-0.00%
Published-03 Feb, 2026 | 00:00
Updated-10 Feb, 2026 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a950rg_firmwarea950rgn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-24501
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.13%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:42
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_network_adapter_e810-cqda1_for_ocp_3.0ethernet_network_adapter_e810-cqda1_for_ocpethernet_network_adapter_e810-cqda2ethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-xxvda2_for_ocpethernet_network_adapter_e810-xxvda4ethernet_network_adapter_e810-cqda1ethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_e810_firmwareethernet_network_adapter_e810-cqda2_for_ocp_3.0Intel(R) E810 Ethernet Controllers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-67074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 00:00
Updated-02 Jan, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10_firmwareac10n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-15532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 18:59
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.

Action-Not Available
Vendor-silabsn/a
Product-bluetooth_low_energy_software_development_kitn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-65288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.02%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 00:00
Updated-12 Dec, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long hostname can overflow the buffer, cause a crash (DoS) and potentially enabling remote code execution.

Action-Not Available
Vendor-mercurycomn/a
Product-mr816_firmwaremr816n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • Next
Details not found