Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-43314

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-27 Sep, 2023 | 00:00
Updated At-02 Aug, 2024 | 19:37
Rejected At-
Credits

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:27 Sep, 2023 | 00:00
Updated At:02 Aug, 2024 | 19:37
Rejected At:
▼CVE Numbering Authority (CNA)

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
PMG2005-T20B
Default Status
unaffected
Versions
Affected
  • V1.00(ABNK.2)b11_C0
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Rumble00/Rumble/issues/1
N/A
Hyperlink: https://github.com/Rumble00/Rumble/issues/1
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Rumble00/Rumble/issues/1
x_transferred
Hyperlink: https://github.com/Rumble00/Rumble/issues/1
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:27 Sep, 2023 | 23:15
Updated At:25 Feb, 2026 | 18:17

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Zyxel Networks Corporation
zyxel
>>pmg2005-t20b_firmware>>-
cpe:2.3:o:zyxel:pmg2005-t20b_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>pmg2005-t20b>>-
cpe:2.3:h:zyxel:pmg2005-t20b:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Secondarysecurity@zyxel.com.tw
CWE-120Primarynvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: security@zyxel.com.tw
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Rumble00/Rumble/issues/1security@zyxel.com.tw
N/A
https://github.com/Rumble00/Rumble/issues/1af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/Rumble00/Rumble/issues/1
Source: security@zyxel.com.tw
Resource: N/A
Hyperlink: https://github.com/Rumble00/Rumble/issues/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

507Records found
CVE-2024-8748
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.77%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:15
Updated-21 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwarenr7101pm7300-t0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1lte7480-m804lte5398-m904dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex5512-t0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwarevmg4005-b50bnebula_nr5101pm3100-t0ex5600-t1lte7490-m904ex3300-t0dx5401-b1_firmwarewx3100-t0emg5723-t50kpm5100-t0_firmwarewx5610-b0ee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwarewx3401-b0_firmwareex5601-t0_firmwareex7710-b0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1pm7500-t0vmg3927-b50bdx4510-b1vmg4927-b50a_firmwarelte3301-plusvmg3927-b50b_firmwarenebula_nr5101_firmwarewx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1vmg4005-b50a_firmwarevmg4005-b60a_firmwarevmg4005-b50avmg4005-b50b_firmwarepx5301-t0_firmwarelte5398-m904_firmwarewx3401-b0ex3510-b1ex5600-t1_firmwaredx4510-b0nebula_lte3301-plusdx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0nr7101_firmwareex5601-t1dx3300-t0ex5401-b0_firmwarepm3100-t0_firmwarevmg4927-b50apx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0wx3401-b1vmg3927-t50k_firmwareex5401-b1ex2210-t0_firmwareex2210-t0lte5388-m804vmg4005-b60apm5100-t0lte7480-m804_firmwarenebula_nr7101_firmwareex7501-b0_firmwarewx3100-t0_firmwareemg3525-t50b_firmwarelte7490-m904_firmwarepm7300-t0vmg3625-t50bnebula_nr7101vmg8623-t50b_firmwareemg5723-t50k_firmwarenr7102ex3600-t0nr7102_firmwareex5501-b0ax7501-b0_firmwaredx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0nebula_lte3301-plus_firmwarelte3301-plus_firmwareex3510-b1_firmwaredx5401-b0ex5512-t0_firmwareemg6726-b10a_firmwareex7710-b0emg6726-b10avmg3927-t50kex3501-t0pm7500-t0_firmwarewx5610-b0_firmwarevmg3625-t50b_firmwarewx3401-b1_firmwarelte5388-m804_firmwareVMG8825-T50K firmwarewx3401-b1_firmwarepm7500-t0_firmwaredx3300-t1_firmwaredx4510-b1_firmwarepm5100-t0_firmwarepx3321-t1_firmwareex2210-t0_firmwarelte5388-m804_firmwarenebula_lte3301-plus_firmwaredx5401_b1_firmwarelte5398-m904_firmwaredx5401-b0_firmwarepx5301-t0_firmwareax7501-b1_firmwarenr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareax7501-b0_firmwaredx3300-t0_firmwarenr7101_firmwareee6510-10_firmwaredx3301-t0_firmwaredx4510-b0_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarenebula_nr7101_firmwarelte7490-m904_firmwarelte3301-plus_firmwarewx3401-b0_firmwarewx3100-t0_firmwarewx5610-b0_firmwarepm3100-t0_firmwarewx5600-t0_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22922
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.58%
||
7 Day CHG-0.14%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg-418n_firmwarenbg-418nNBG-418N v2 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22915
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 77.86%
||
7 Day CHG-0.01%
Published-24 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_50w_firmwarevpn100usg_20w-vpnusg_20w-vpn_firmwareusg_flex_500usg_flex_200usg_flex_500_firmwarevpn1000_firmwareusg_flex_100w_firmwareusg_flex_100vpn50usg_flex_100_firmwareusg_flex_200_firmwareusg_flex_50wvpn50_firmwareusg_flex_50_firmwareusg_flex_700_firmwareusg_flex_700vpn100_firmwarevpn1000vpn300usg_flex_100wvpn300_firmwareusg_flex_50USG FLEX 50(W) firmwareUSG20(W)-VPN firmwareUSG FLEX series firmwareVPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22917
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.36%
||
7 Day CHG-0.00%
Published-24 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vpn100atp100_firmwareatp100atp800_firmwareusg_flex_200usg_flex_500_firmwareusg_flex_100w_firmwareusg_flex_100vpn300_firmwareatp100w_firmwareatp100wusg_flex_200_firmwarevpn50_firmwareatp200atp700usg_flex_700vpn100_firmwarevpn300usg_flex_100wusg_flex_50w_firmwareusg_20w-vpnatp700_firmwareusg_20w-vpn_firmwareatp500_firmwareatp800vpn1000_firmwarevpn50usg_flex_100_firmwareusg_flex_50wusg_flex_50_firmwareatp500usg_flex_700_firmwarevpn1000usg_flex_500usg_flex_50atp200_firmwareVPN series firmwareATP series firmwareUSG FLEX 50(W) firmwareUSG20(W)-VPN firmwareUSG FLEX series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-5412
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 74.17%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:18
Updated-24 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5512-t0vmg4005-b50aex5510-b0vmg3927-t50k_firmwareax7501-b0_firmwareax7501-b1_firmwarenebula_fwa510_firmwarenr7103_firmwareex7501-b0_firmwaredx3300-t1_firmwarenebula_lte3301-pluspm5100-t0_firmwarenr5103ev2vmg3625-t50bnr5307ax7501-b0vmg3927-t50kpx3321-t1ex5401-b0_firmwaredx5401-b0ex7710-b0_firmwarenebula_fwa505_firmwareex3501-t0_firmwarewx3401-b0dx4510-b0nebula_fwa505nebula_lte3301-plus_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0dx5401-b0_firmwareex5401-b0vmg8825-t50kscr50axe_firmwaredx5401-b1nr7302_firmwareex5401-b1_firmwareemg3525-t50bemg5723-t50kex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1nr5103ev2_firmwarenr7303nr7302wx3401-b0_firmwarepm7300-t0nr7501_firmwarenr5103_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwarenebula_fwa710_firmwareex3301-t0ex3510-b0dx3301-t0ex7501-b0wx5600-t0_firmwareex5401-b1nr5103ex3500-t0ex3300-t1_firmwarescr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg8825-t50k_firmwarevmg3625-t50b_firmwarenr7303_firmwarevmg8623-t50bvmg4005-b50a_firmwareex5601-t0_firmwareex3301-t0_firmwarenebula_fwa710vmg4005-b60adx3300-t0ex5601-t0nr5307_firmwaredx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1nebula_fwa510wx5600-t0pm5100-t0ex5512-t0_firmwarenr7501ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwarenr7103ex3501-t0ax7501-b1dx3300-t0_firmwareemg5523-t50bpm3100-t0_firmwareVMG8825-T50K firmwarevmg8825-t50k_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4398
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.96%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:48
Updated-17 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwareusg_flex_50w_firmwarevpn_firmwareatp_firmwareusg20w-vpn_firmwareusg_flex_firmware
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-6599
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.61%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 01:19
Updated-16 Dec, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg3927-t50k_firmwareex3500-t0nr5103we3300-00_firmwarenebula_fwa505_firmwarevmg3927-b50b_firmwareee6510-10_firmwaredx3300-t0_firmwareex7501-b0dx5401-b0_firmwarewx5600-t0_firmwaregm4100-b0vmg8825-t50kpm7300-t0ex3501-t0_firmwareex3300-t0_firmwarevmg8825-t50k_firmwarevmg4005-b50adx4510-b1_firmwaredx3301-t0emg6726-b10a_firmwareex3301-t0vmg4005-b50a_firmwareex5512-t0nr5309dx3301-t0_firmwareax7501-b0_firmwarescr_50axeemg5523-t50b_firmwareax7501-b1dx3300-t0ex7501-b0_firmwareee5301-00_firmwareex5601-t0nr7303px5301-t0_firmwareex5510-b0nebula_fwa515_firmwareemg5523-t50bvmg4005-b60anr7302ex5401-b0pm7500-00_firmwarevmg3625-t50b_firmwarevmg4005-b50b_firmwarepx3321-t1pm5100-t0_firmwarewx5600-t0nebula_fwa505emg5723-t50kax7501-b0ex3300-t1pe5301-01ex3300-t1_firmwaredx5401-b1gm4100-b0_firmwaredx5401-b0wx3401-b1_firmwarenr5103e_firmwarepm7500-00ee3301-00_firmwarewx3401-b1nr5103_firmwarenebula_fwa510vmg8623-t50b_firmwarescr_50axe_firmwarewx5610-b0_firmwarepm5100-t0emg6726-b10apm3100-t0ex7710-b0ex5501-b0vmg8623-t50bwe3300-00vmg4005-b60a_firmwarewx3401-b0nr5309_firmwareex3500-t0_firmwarenebula_fwa515ex5501-b0_firmwareex5401-b1ex3600-t0_firmwarelte3301-pluswx3401-b0_firmwarevmg3625-t50bpx3321-t1_firmwareex7710-b0_firmwarenebula_fwa710ex5601-t1_firmwarelte3301-plus_firmwarevmg4927-b50adm4200-b0_firmwareex5401-b1_firmwaredx3300-t1wx5610-b0vmg4927-b50a_firmwareex3501-t0ex5401-b0_firmwareemg5723-t50k_firmwareee5301-00vmg3927-t50kex5512-t0_firmwaredx5401-b1_firmwareemg3525-t50bax7501-b1_firmwareex5601-t1ex3300-t0nr5103enebula_fwa510_firmwareex3600-t0vmg3927-b50bnr7303_firmwarenr7302_firmwarevmg4005-b50bpx5301-t0pe3301-00nebula_fwa710_firmwaredm4200-b0wx3100-t0_firmwaredx3300-t1_firmwarepm3100-t0_firmwarewx3100-t0pe5301-01_firmwarepm7300-t0_firmwarepe3301-00_firmwareex3301-t0_firmwareemg3525-t50b_firmwareex5601-t0_firmwareee6510-10ex5510-b0_firmwareee3301-00dx4510-b1DX3301-T0 firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42058
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.38%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:47
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmwareusg_flex_50w_firmwareatp800_firmwareusg_flex_700h_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22924
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.48% / 65.02%
||
7 Day CHG-0.11%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg-418n_firmwarenbg-418nNBG-418N v2 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4397
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.27%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:42
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_700vpn50wusg_flex_100wusg_flex_500usg_flex_50ATP series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmware USG FLEX 50(W) series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37929
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 80.95%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 01:23
Updated-22 Jan, 2025 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3510_firmwarevmg8825-t50kvmg3625-t50b_firmwareex5600-t1_firmwareex3501-t0wx5610-b0ex5401-b0vmg3927-t50kex5401-b1_firmwaredx4510_firmwaredx4510dx5401-b0_firmwarevmg8623-t50b_firmwarenbg7510_firmwareex5601-t0_firmwareex5401-b0_firmwareex3301-t0emg5723-t50kdx3300-t1wx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50bwx5610-b0_firmwaredx5401-b1_firmwareex5601-t1ex5512-t0_firmwarewx5600-t0ex7710-b0_firmwareax7501-b1_firmwareex3301-t0_firmwareemg5523-t50bdx5401-b1emg5523-t50b_firmwareex5501-b0ex7710-b0ex3300-t1ax7501-b1dx3300-t1_firmwarevmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5600-t1wx5600-t0_firmwareex5601-t0ax7501-b0_firmwareex3510ex5601-t1_firmwarevmg8623-t50bex5510_firmwarevmg3927-t50k_firmwarewx3100-t0emg3525-t50b_firmwaredx3301-t0_firmwareax7501-b0nbg7510ex5512-t0ex3500-t0ex3300-t1_firmwareex5501-b0_firmwareex3500-t0_firmwaredx5401-b0ex3501-t0_firmwareex5510V5.50(ABPM.8)C0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37926
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.47%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:37
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33009
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.17% / 90.90%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-26 Feb, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_200_firmwareusg_flex_700_firmwareusg_flex_200usg_flex_500_firmwareatp100wvpn1000_firmwareusg_60_firmwareusg_flex_100w_firmwareusg_flex_50vpn100usg20-vpn_firmwareusg20-vpnusg_40_firmwareusg_flex_50_firmwareusg_40watp200vpn300_firmwareusg_flex_50w_firmwareusg_flex_50wvpn1000usg_60atp700atp100_firmwareusg_40usg_flex_100_firmwareusg_flex_100vpn300atp100w_firmwareusg_40w_firmwareusg_flex_500atp500vpn100_firmwarevpn50usg_20w-vpn_firmwareatp200_firmwareusg_60w_firmwareatp500_firmwarevpn50_firmwareatp700_firmwareatp800_firmwareatp800usg_20w-vpnusg_flex_700usg_60wusg_flex_100watp100USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8882
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.10% / 26.07%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 01:23
Updated-14 Nov, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-16_firmwaregs1900-10hp_firmwaregs1900-16GS1900-48 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6343
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:28
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28769
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-72.19% / 98.77%
||
7 Day CHG+2.54%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx5401-b0_firmwaredx5401-b0DX5401-B0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-27989
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 71.69%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 11:02
Updated-08 Jan, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte7490-m904_firmwarenr7101_firmwarelte7490-m904nebula_nr7101lte7480-m804lte7480-m804_firmwarenebula_nr7101_firmwarenr7101NR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7673
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 72.41%
||
7 Day CHG+0.06%
Published-16 Jul, 2025 | 07:11
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg1312-t20bemg5723-t50k_firmwarevmg3927-t50kvmg8825-b50avmg8924-b10d_firmwarexmg8825-b50avmg8825-t50k_firmwarevmg3925-b10bemg5523-t50bxmg8825-b50a_firmwarevmg4005-b50b_firmwarevmg3927-t50k_firmwarevmg3927-b50bvmg8825-b60aemg3525-t50b_firmwareemg6726-b10avmg8825-b60a_firmwarevmg3625-t50b_firmwarevmg8825-t50kvmg3927-b50avmg4927-b50avmg3927-b60a_firmwareex5510-b0vmg3925-b10b_firmwarevmg8825-bx0b_firmwarevmg3925-b10cxmg3927-b50a_firmwarevmg4927-b50a_firmwarevmg3927-b50b_firmwarevmg3625-t50bex3510-b0vmg1312-t20b_firmwareemg5523-t50b_firmwareex3510-b0_firmwarevmg8623-t50b_firmwarevmg8924-b10demg3525-t50bemg5723-t50kvmg8623-t50bvmg3927-b50a_firmwarevmg8825-bx0bvmg8825-b50a_firmwarevmg3925-b10c_firmwareemg6726-b10a_firmwareex5510-b0_firmwarevmg3927-b60axmg3927-b50avmg4005-b50bVMG8825-T50K firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0816
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 01:29
Updated-22 Jan, 2025 | 22:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602_firmwarelte5388-m804_firmwareex3510_firmwarelte5398-m904ex5600-t1_firmwareex3501-t0vmg4005-b60alte5388-m804lte7480-m804_firmwaredx4510_firmwarenr5103edx4510dx5401-b0_firmwarevmg8623-t50b_firmwareex3320-t0pm7300-t0lte7490-m904_firmwarenr7303_firmwarenebula_fwa510nr7501_firmwarevmg4005-b60a_firmwarepx3321-t1_firmwarewx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50blte3301-plusex3320-t1_firmwarenebula_fwa710nr7101_firmwareex7710-b0_firmwarenr5307dx5401-b1ex7710-b0nr7302ax7501-b1nebula_lte3301-plusdx3300-t1_firmwarenebula_fwa505ex5600-t1wx5600-t0_firmwarenr7303ax7501-b0_firmwareex3510ex5601-t1_firmwarevmg8623-t50bnebula_nr7101_firmwarenr7103vmg3927-t50k_firmwarenebula_nr5101wx3100-t0nr5103ev2nebula_fwa710_firmwarenebula_nr5101_firmwarevmg4005-b50a_firmwarenebula_fwa510_firmwarenr5307_firmwareex3300-t1_firmwarepm5100-t0ex3500-t0_firmwarelte5398-m904_firmwaredx5401-b0nebula_lte3301-plus_firmwareex3501-t0_firmwarepx3321-t1ex5510vmg8825-t50kvmg3625-t50b_firmwarenr7302_firmwarenebula_fwa505_firmwarepm3100-t0wx3401-b0_firmwarewx5610-b0ex5401-b0lte7480-m804vmg3927-t50kex5401-b1_firmwarenbg7510_firmwarenr7501vmg4005-b50aex5601-t0_firmwareex5401-b0_firmwareex3301-t0nr7103_firmwareemg5723-t50kdx3300-t1ex3320-t1nr7102wx5610-b0_firmwarenebula_nr7101dx5401-b1_firmwareex5601-t1ex3320-t0_firmwarenr7102_firmwareex5512-t0_firmwarewx5600-t0wx3401-b0lte3202-m437ax7501-b1_firmwarenr5103ex3301-t0_firmwareemg5523-t50bemg5523-t50b_firmwareex5501-b0lte3301-plus_firmwarepm5100-t0_firmwarepm7300-t0_firmwareex3300-t1vmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5601-t0ex5510_firmwarepm3100-t0_firmwarenr5103_firmwarenr7101lte7490-m904emg3525-t50b_firmwarenebula_lte7461-m602dx3301-t0_firmwareax7501-b0ex5512-t0ex3500-t0lte3202-m437_firmwarenbg7510ex5501-b0_firmwarenr5103ev2_firmwarelte7240-m403lte7240-m403_firmwarenr5103e_firmwareDX3300-T1 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43389
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.6||HIGH
EPSS-1.45% / 80.92%
||
7 Day CHG-0.01%
Published-11 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3202-m437pmg5317-t20bpm7320-b0_firmwarepm7320-b0nebula_fwa710nr7102nr5103e_firmwarenebula_nr7101pmg5617ganr7103_firmwarenebula_fwa510nr7102_firmwarenr7101nebula_fwa510_firmwareep240p_firmwarenr7101_firmwarelte7490-m904nr7103nebula_fwa710_firmwarelte3316-m604_firmwarepmg5622galte7480-m804_firmwarenr5103enebula_nr7101_firmwarepmg5317-t20b_firmwarelte7490-m904_firmwarepmg5622ga_firmwarelte3316-m604nr5103_firmwarelte3202-m437_firmwarenr5103pmg5617ga_firmwarelte7480-m804ep240pNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43391
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.42% / 80.69%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-25 Feb, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602lte7461-m602ex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50avmg3927-t50k_firmwarepmg5617-t20b2_firmwareax7501-b0_firmwarepmg5617-t20b2pmg5617ganebula_lte3301-plusnr7102_firmwarepm5100-t0_firmwarelte7480-m804_firmwarelte7490-m904_firmwarelte5388-m804ax7501-b0nebula_nr5101vmg3927-t50kex5401-b0_firmwaredx5401-b0wx3401-b0lte7480-m804nebula_lte3301-plus_firmwarenebula_lte7461-m602_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwaredx5401-b0_firmwareemg3525-t50b_firmwarepm3100-t0ex5401-b0vmg8825-t50klte5388-m804_firmwarelte7490-m904ex5501-b0lte7480-s905nr7102nr7101_firmwareemg3525-t50bemg5723-t50klte7480-s905_firmwareex5510-b0_firmwarewx3100-t0lte7485-s905ex5601-t1pmg5317-t20b_firmwareex5501-b0_firmwarewx3401-b0_firmwarelte7240-m403pm7300-t0lte3301-plus_firmwarelte7485-s905_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwaredx3301-t0ex3301-t0ex3510-b0lte5398-m904ex5600-t1nebula_nr7101_firmwarepmg5622gawx5600-t0_firmwarepmg5622ga_firmwarenr5101_firmwarepmg5317-t20bpmg5617ga_firmwaredx4510-b1dx3301-t0_firmwarelte5398-m904_firmwarevmg8825-t50k_firmwarevmg4005-b50a_firmwarevmg8623-t50bpm7320-b0_firmwareex5601-t0_firmwareex5600-t1_firmwarenebula_nr5101_firmwareex3301-t0_firmwarepm7320-b0vmg4005-b60alte7461-m602_firmwareex5601-t0ex3510-b0_firmwarewx3100-t0_firmwarenr5101ex5512-t0_firmwarepm5100-t0wx5600-t0emg5523-t50b_firmwarenebula_nr7101dx4510-b1_firmwarenr7101lte3301-pluslte7240-m403_firmwareemg5523-t50bpm3100-t0_firmwareNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43392
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 68.36%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-25 Feb, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602lte7461-m602ex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50avmg3927-t50k_firmwarepmg5617-t20b2_firmwareax7501-b0_firmwarepmg5617-t20b2pmg5617ganebula_lte3301-plusnr7102_firmwarepm5100-t0_firmwarelte7480-m804_firmwarelte7490-m904_firmwarelte5388-m804ax7501-b0nebula_nr5101vmg3927-t50kex5401-b0_firmwaredx5401-b0wx3401-b0lte7480-m804nebula_lte3301-plus_firmwarenebula_lte7461-m602_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwaredx5401-b0_firmwareemg3525-t50b_firmwarepm3100-t0ex5401-b0vmg8825-t50klte5388-m804_firmwarelte7490-m904ex5501-b0lte7480-s905nr7102nr7101_firmwareemg3525-t50bemg5723-t50klte7480-s905_firmwareex5510-b0_firmwarewx3100-t0lte7485-s905ex5601-t1pmg5317-t20b_firmwareex5501-b0_firmwarewx3401-b0_firmwarelte7240-m403pm7300-t0lte3301-plus_firmwarelte7485-s905_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwaredx3301-t0ex3301-t0ex3510-b0lte5398-m904ex5600-t1nebula_nr7101_firmwarepmg5622gawx5600-t0_firmwarepmg5622ga_firmwarenr5101_firmwarepmg5317-t20bpmg5617ga_firmwaredx4510-b1dx3301-t0_firmwarelte5398-m904_firmwarevmg8825-t50k_firmwarevmg4005-b50a_firmwarevmg8623-t50bpm7320-b0_firmwareex5601-t0_firmwareex5600-t1_firmwarenebula_nr5101_firmwareex3301-t0_firmwarepm7320-b0vmg4005-b60alte7461-m602_firmwareex5601-t0ex3510-b0_firmwarewx3100-t0_firmwarenr5101ex5512-t0_firmwarepm5100-t0wx5600-t0emg5523-t50b_firmwarenebula_nr7101dx4510-b1_firmwarenr7101lte3301-pluslte7240-m403_firmwareemg5523-t50bpm3100-t0_firmwareNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26414
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.44%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 12:05
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg8825-b60apx7501-b0vmg3927-t50kvmg3927-b50bvmg3927-b60a_firmwarevmg8825-t50kdx5401-b0ax7501-b0ex3510-b0vmg3927-b50a_firmwarevmg8623-t50bvmg4927-b50aemg3525-t50bvmg1312-t20bvmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50kvmg3312-t20a_firmwareemg6726-b10avmg4927-b50a_firmwarexmg8825-b50apmg5622gapmg5317-t20b_firmwarepmg5617-t20b2vmg3927-b50apmg5622ga_firmwareex5401-b0_firmwarevmg8825-b60a_firmwarexmg3927-b50a_firmwareemg5523-t50bvmg8623-t50b_firmwarepmg5317-t20bex5501-b0vmg8825-b60bvmg8825-b50b_firmwarepmg5617-t20b2_firmwarepx7501-b0_firmwaredx5401-b0_firmwareex5501-b0_firmwareex5401-b0xmg3927-b50avmg1312-t20b_firmwarepmg5617gavmg8825-b50a_firmwareex3510-b0_firmwarevmg3312-t20axmg8825-b50a_firmwareax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwareep240p_firmwarevmg8825-b50bvmg8825-b50avmg3927-b60aemg5523-t50b_firmwarevmg8825-b60b_firmwarepm7300-t0vmg3625-t50bpmg5617ga_firmwarevmg3625-t50b_firmwareemg6726-b10a_firmwareemg3525-t50b_firmwarevmg3927-b50b_firmwareep240pVMG3312-T20A firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-9197
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.39% / 59.80%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:24
Updated-21 Jan, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwareex5600-t1ex3300-t0dx5401-b1_firmwareemg5723-t50kee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwareex5601-t0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1dx4510-b1wx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1px5301-t0_firmwareex3510-b1ex5600-t1_firmwaredx4510-b0dx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0ex5601-t1dx3300-t0ex5401-b0_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0vmg3927-t50k_firmwareex5401-b1ex7501-b0_firmwareemg3525-t50b_firmwarevmg3625-t50bax7501-b0_firmwarevmg8623-t50b_firmwareemg5723-t50k_firmwareex5501-b0ex3600-t0dx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0ex3510-b1_firmwaredx5401-b0vmg3927-t50kex3501-t0vmg3625-t50b_firmwareVMG3625-T50B firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33010
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.85% / 90.61%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp500_firmwareatp100w_firmwareusg_flex_700_firmwareusg_40w_firmwareusg_40wusg_flex_50w_firmwareusg20-vpn_firmwareatp700_firmwarevpn100atp800usg_60w_firmwareusg_flex_200_firmwareusg_flex_100wusg_60wvpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_60_firmwareusg_20w-vpn_firmwareusg20-vpnusg_60usg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareusg_40_firmwareusg_40atp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wusg_20w-vpnatp500USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-34140
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.84%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:49
Updated-21 Oct, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50nxc5500zywall_vpn100_firmwarenxc2500zywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarenxc5500_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wnxc2500_firmwareusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareNXC5500 firmwareATP series firmwareVPN series firmwareNXC2500 firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52729
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.01%
||
7 Day CHG~0.00%
Published-04 May, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets.

Action-Not Available
Vendor-n/asimplenetwork_project
Product-n/asimplenetwork
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-41794
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.38%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 14:57
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52366
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:27
Updated-13 Mar, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-41498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.06%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 20:16
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.

Action-Not Available
Vendor-pyo_projectn/a
Product-pyon/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 76.91%
||
7 Day CHG~0.00%
Published-16 Dec, 2023 | 00:00
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

Action-Not Available
Vendor-unrealircdn/a
Product-unrealircdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 22.92%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.61%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t310lbt-t300-t310_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47346
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.11%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:00
Updated-03 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.

Action-Not Available
Vendor-free5gcn/a
Product-upffree5gcsmfn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46566
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.23%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.

Action-Not Available
Vendor-n/amsoulier
Product-n/atftpy
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44837
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g-firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.83%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44834
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44832
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.83%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-15 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.71% / 94.52%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4452
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.40%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 14:24
Updated-06 Sep, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web Server Buffer Overflow Vulnerability

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

Action-Not Available
Vendor-Moxa Inc.
Product-edr-g902-tedr-g903_firmwareedr-g902-t_firmwareedr-810-vpn-2gsfp-t_firmwareedr-810-2gsfp-t_firmwareedr-810-2gsfp-tedr-810-2gsfpedr-g903edr-810-vpn-2gsfp_firmwareedr-810-vpn-2gsfp-tedr-g902edr-810-vpn-2gsfpedr-g903-tedr-g902_firmwareedr-810-2gsfp_firmwareedr-g903-t_firmwareEDR G903 Series EDR-810 Series EDR G902 Series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-40968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 00:00
Updated-01 Oct, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.

Action-Not Available
Vendor-hzellern/a
Product-timgn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found