Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-7287

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-12 May, 2026 | 03:56
Updated At-12 May, 2026 | 12:47
Rejected At-
Credits

** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:12 May, 2026 | 03:56
Updated At:12 May, 2026 | 12:47
Rejected At:
▼CVE Numbering Authority (CNA)

** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
NWA1100-N firmware
Default Status
unaffected
Versions
Affected
  • 1.00(AACE.1)C0
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zyxel.com/global/en/support/end-of-life
N/A
Hyperlink: https://www.zyxel.com/global/en/support/end-of-life
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:12 May, 2026 | 04:16
Updated At:16 May, 2026 | 03:08

** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Zyxel Networks Corporation
zyxel
>>nwa1100-n_firmware>>1.00\(aace.1\)c0
cpe:2.3:o:zyxel:nwa1100-n_firmware:1.00\(aace.1\)c0:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>nwa1100-n>>-
cpe:2.3:h:zyxel:nwa1100-n:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarysecurity@zyxel.com.tw
CWE ID: CWE-120
Type: Primary
Source: security@zyxel.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/end-of-lifesecurity@zyxel.com.tw
Product
Hyperlink: https://www.zyxel.com/global/en/support/end-of-life
Source: security@zyxel.com.tw
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

510Records found
CVE-2023-43314
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 00:00
Updated-25 Feb, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-pmg2005-t20bpmg2005-t20b_firmwarePMG2005-T20B
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8748
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.87%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:15
Updated-21 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwarenr7101pm7300-t0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1lte7480-m804lte5398-m904dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex5512-t0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwarevmg4005-b50bnebula_nr5101pm3100-t0ex5600-t1lte7490-m904ex3300-t0dx5401-b1_firmwarewx3100-t0emg5723-t50kpm5100-t0_firmwarewx5610-b0ee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwarewx3401-b0_firmwareex5601-t0_firmwareex7710-b0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1pm7500-t0vmg3927-b50bdx4510-b1vmg4927-b50a_firmwarelte3301-plusvmg3927-b50b_firmwarenebula_nr5101_firmwarewx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1vmg4005-b50a_firmwarevmg4005-b60a_firmwarevmg4005-b50avmg4005-b50b_firmwarepx5301-t0_firmwarelte5398-m904_firmwarewx3401-b0ex3510-b1ex5600-t1_firmwaredx4510-b0nebula_lte3301-plusdx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0nr7101_firmwareex5601-t1dx3300-t0ex5401-b0_firmwarepm3100-t0_firmwarevmg4927-b50apx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0wx3401-b1vmg3927-t50k_firmwareex5401-b1ex2210-t0_firmwareex2210-t0lte5388-m804vmg4005-b60apm5100-t0lte7480-m804_firmwarenebula_nr7101_firmwareex7501-b0_firmwarewx3100-t0_firmwareemg3525-t50b_firmwarelte7490-m904_firmwarepm7300-t0vmg3625-t50bnebula_nr7101vmg8623-t50b_firmwareemg5723-t50k_firmwarenr7102ex3600-t0nr7102_firmwareex5501-b0ax7501-b0_firmwaredx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0nebula_lte3301-plus_firmwarelte3301-plus_firmwareex3510-b1_firmwaredx5401-b0ex5512-t0_firmwareemg6726-b10a_firmwareex7710-b0emg6726-b10avmg3927-t50kex3501-t0pm7500-t0_firmwarewx5610-b0_firmwarevmg3625-t50b_firmwarewx3401-b1_firmwarelte5388-m804_firmwareVMG8825-T50K firmwarewx3401-b1_firmwarepm7500-t0_firmwaredx3300-t1_firmwaredx4510-b1_firmwarepm5100-t0_firmwarepx3321-t1_firmwareex2210-t0_firmwarelte5388-m804_firmwarenebula_lte3301-plus_firmwaredx5401_b1_firmwarelte5398-m904_firmwaredx5401-b0_firmwarepx5301-t0_firmwareax7501-b1_firmwarenr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareax7501-b0_firmwaredx3300-t0_firmwarenr7101_firmwareee6510-10_firmwaredx3301-t0_firmwaredx4510-b0_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarenebula_nr7101_firmwarelte7490-m904_firmwarelte3301-plus_firmwarewx3401-b0_firmwarewx3100-t0_firmwarewx5610-b0_firmwarepm3100-t0_firmwarewx5600-t0_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22922
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.91%
||
7 Day CHG-0.15%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg-418n_firmwarenbg-418nNBG-418N v2 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22917
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.49%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vpn100atp100_firmwareatp100atp800_firmwareusg_flex_200usg_flex_500_firmwareusg_flex_100w_firmwareusg_flex_100vpn300_firmwareatp100w_firmwareatp100wusg_flex_200_firmwarevpn50_firmwareatp200atp700usg_flex_700vpn100_firmwarevpn300usg_flex_100wusg_flex_50w_firmwareusg_20w-vpnatp700_firmwareusg_20w-vpn_firmwareatp500_firmwareatp800vpn1000_firmwarevpn50usg_flex_100_firmwareusg_flex_50wusg_flex_50_firmwareatp500usg_flex_700_firmwarevpn1000usg_flex_500usg_flex_50atp200_firmwareVPN series firmwareATP series firmwareUSG FLEX 50(W) firmwareUSG20(W)-VPN firmwareUSG FLEX series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22915
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 77.97%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_50w_firmwarevpn100usg_20w-vpnusg_20w-vpn_firmwareusg_flex_500usg_flex_200usg_flex_500_firmwarevpn1000_firmwareusg_flex_100w_firmwareusg_flex_100vpn50usg_flex_100_firmwareusg_flex_200_firmwareusg_flex_50wvpn50_firmwareusg_flex_50_firmwareusg_flex_700_firmwareusg_flex_700vpn100_firmwarevpn1000vpn300usg_flex_100wvpn300_firmwareusg_flex_50USG FLEX 50(W) firmwareUSG20(W)-VPN firmwareUSG FLEX series firmwareVPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-5412
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 74.26%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:18
Updated-24 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5512-t0vmg4005-b50aex5510-b0vmg3927-t50k_firmwareax7501-b0_firmwareax7501-b1_firmwarenebula_fwa510_firmwarenr7103_firmwareex7501-b0_firmwaredx3300-t1_firmwarenebula_lte3301-pluspm5100-t0_firmwarenr5103ev2vmg3625-t50bnr5307ax7501-b0vmg3927-t50kpx3321-t1ex5401-b0_firmwaredx5401-b0ex7710-b0_firmwarenebula_fwa505_firmwareex3501-t0_firmwarewx3401-b0dx4510-b0nebula_fwa505nebula_lte3301-plus_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0dx5401-b0_firmwareex5401-b0vmg8825-t50kscr50axe_firmwaredx5401-b1nr7302_firmwareex5401-b1_firmwareemg3525-t50bemg5723-t50kex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1nr5103ev2_firmwarenr7303nr7302wx3401-b0_firmwarepm7300-t0nr7501_firmwarenr5103_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwarenebula_fwa710_firmwareex3301-t0ex3510-b0dx3301-t0ex7501-b0wx5600-t0_firmwareex5401-b1nr5103ex3500-t0ex3300-t1_firmwarescr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg8825-t50k_firmwarevmg3625-t50b_firmwarenr7303_firmwarevmg8623-t50bvmg4005-b50a_firmwareex5601-t0_firmwareex3301-t0_firmwarenebula_fwa710vmg4005-b60adx3300-t0ex5601-t0nr5307_firmwaredx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1nebula_fwa510wx5600-t0pm5100-t0ex5512-t0_firmwarenr7501ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwarenr7103ex3501-t0ax7501-b1dx3300-t0_firmwareemg5523-t50bpm3100-t0_firmwareVMG8825-T50K firmwarevmg8825-t50k_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4398
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.00%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:48
Updated-17 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwareusg_flex_50w_firmwarevpn_firmwareatp_firmwareusg20w-vpn_firmwareusg_flex_firmware
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-6599
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 01:19
Updated-16 Dec, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg3927-t50k_firmwareex3500-t0nr5103we3300-00_firmwarenebula_fwa505_firmwarevmg3927-b50b_firmwareee6510-10_firmwaredx3300-t0_firmwareex7501-b0dx5401-b0_firmwarewx5600-t0_firmwaregm4100-b0vmg8825-t50kpm7300-t0ex3501-t0_firmwareex3300-t0_firmwarevmg8825-t50k_firmwarevmg4005-b50adx4510-b1_firmwaredx3301-t0emg6726-b10a_firmwareex3301-t0vmg4005-b50a_firmwareex5512-t0nr5309dx3301-t0_firmwareax7501-b0_firmwarescr_50axeemg5523-t50b_firmwareax7501-b1dx3300-t0ex7501-b0_firmwareee5301-00_firmwareex5601-t0nr7303px5301-t0_firmwareex5510-b0nebula_fwa515_firmwareemg5523-t50bvmg4005-b60anr7302ex5401-b0pm7500-00_firmwarevmg3625-t50b_firmwarevmg4005-b50b_firmwarepx3321-t1pm5100-t0_firmwarewx5600-t0nebula_fwa505emg5723-t50kax7501-b0ex3300-t1pe5301-01ex3300-t1_firmwaredx5401-b1gm4100-b0_firmwaredx5401-b0wx3401-b1_firmwarenr5103e_firmwarepm7500-00ee3301-00_firmwarewx3401-b1nr5103_firmwarenebula_fwa510vmg8623-t50b_firmwarescr_50axe_firmwarewx5610-b0_firmwarepm5100-t0emg6726-b10apm3100-t0ex7710-b0ex5501-b0vmg8623-t50bwe3300-00vmg4005-b60a_firmwarewx3401-b0nr5309_firmwareex3500-t0_firmwarenebula_fwa515ex5501-b0_firmwareex5401-b1ex3600-t0_firmwarelte3301-pluswx3401-b0_firmwarevmg3625-t50bpx3321-t1_firmwareex7710-b0_firmwarenebula_fwa710ex5601-t1_firmwarelte3301-plus_firmwarevmg4927-b50adm4200-b0_firmwareex5401-b1_firmwaredx3300-t1wx5610-b0vmg4927-b50a_firmwareex3501-t0ex5401-b0_firmwareemg5723-t50k_firmwareee5301-00vmg3927-t50kex5512-t0_firmwaredx5401-b1_firmwareemg3525-t50bax7501-b1_firmwareex5601-t1ex3300-t0nr5103enebula_fwa510_firmwareex3600-t0vmg3927-b50bnr7303_firmwarenr7302_firmwarevmg4005-b50bpx5301-t0pe3301-00nebula_fwa710_firmwaredm4200-b0wx3100-t0_firmwaredx3300-t1_firmwarepm3100-t0_firmwarewx3100-t0pe5301-01_firmwarepm7300-t0_firmwarepe3301-00_firmwareex3301-t0_firmwareemg3525-t50b_firmwareex5601-t0_firmwareee6510-10ex5510-b0_firmwareee3301-00dx4510-b1DX3301-T0 firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42058
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.51%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:47
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmwareusg_flex_50w_firmwareatp800_firmwareusg_flex_700h_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-26414
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.58%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 12:05
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg8825-b60apx7501-b0vmg3927-t50kvmg3927-b50bvmg3927-b60a_firmwarevmg8825-t50kdx5401-b0ax7501-b0ex3510-b0vmg3927-b50a_firmwarevmg8623-t50bvmg4927-b50aemg3525-t50bvmg1312-t20bvmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50kvmg3312-t20a_firmwareemg6726-b10avmg4927-b50a_firmwarexmg8825-b50apmg5622gapmg5317-t20b_firmwarepmg5617-t20b2vmg3927-b50apmg5622ga_firmwareex5401-b0_firmwarevmg8825-b60a_firmwarexmg3927-b50a_firmwareemg5523-t50bvmg8623-t50b_firmwarepmg5317-t20bex5501-b0vmg8825-b60bvmg8825-b50b_firmwarepmg5617-t20b2_firmwarepx7501-b0_firmwaredx5401-b0_firmwareex5501-b0_firmwareex5401-b0xmg3927-b50avmg1312-t20b_firmwarepmg5617gavmg8825-b50a_firmwareex3510-b0_firmwarevmg3312-t20axmg8825-b50a_firmwareax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwareep240p_firmwarevmg8825-b50bvmg8825-b50avmg3927-b60aemg5523-t50b_firmwarevmg8825-b60b_firmwarepm7300-t0vmg3625-t50bpmg5617ga_firmwarevmg3625-t50b_firmwareemg6726-b10a_firmwareemg3525-t50b_firmwarevmg3927-b50b_firmwareep240pVMG3312-T20A firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37929
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 81.05%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 01:23
Updated-22 Jan, 2025 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3510_firmwarevmg8825-t50kvmg3625-t50b_firmwareex5600-t1_firmwareex3501-t0wx5610-b0ex5401-b0vmg3927-t50kex5401-b1_firmwaredx4510_firmwaredx4510dx5401-b0_firmwarevmg8623-t50b_firmwarenbg7510_firmwareex5601-t0_firmwareex5401-b0_firmwareex3301-t0emg5723-t50kdx3300-t1wx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50bwx5610-b0_firmwaredx5401-b1_firmwareex5601-t1ex5512-t0_firmwarewx5600-t0ex7710-b0_firmwareax7501-b1_firmwareex3301-t0_firmwareemg5523-t50bdx5401-b1emg5523-t50b_firmwareex5501-b0ex7710-b0ex3300-t1ax7501-b1dx3300-t1_firmwarevmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5600-t1wx5600-t0_firmwareex5601-t0ax7501-b0_firmwareex3510ex5601-t1_firmwarevmg8623-t50bex5510_firmwarevmg3927-t50k_firmwarewx3100-t0emg3525-t50b_firmwaredx3301-t0_firmwareax7501-b0nbg7510ex5512-t0ex3500-t0ex3300-t1_firmwareex5501-b0_firmwareex3500-t0_firmwaredx5401-b0ex3501-t0_firmwareex5510V5.50(ABPM.8)C0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-34140
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.15%
||
7 Day CHG+0.03%
Published-17 Jul, 2023 | 17:49
Updated-21 Oct, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50nxc5500zywall_vpn100_firmwarenxc2500zywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarenxc5500_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wnxc2500_firmwareusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareNXC5500 firmwareATP series firmwareVPN series firmwareNXC2500 firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33009
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.17% / 90.93%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-26 Feb, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_200_firmwareusg_flex_700_firmwareusg_flex_200usg_flex_500_firmwareatp100wvpn1000_firmwareusg_60_firmwareusg_flex_100w_firmwareusg_flex_50vpn100usg20-vpn_firmwareusg20-vpnusg_40_firmwareusg_flex_50_firmwareusg_40watp200vpn300_firmwareusg_flex_50w_firmwareusg_flex_50wvpn1000usg_60atp700atp100_firmwareusg_40usg_flex_100_firmwareusg_flex_100vpn300atp100w_firmwareusg_40w_firmwareusg_flex_500atp500vpn100_firmwarevpn50usg_20w-vpn_firmwareatp200_firmwareusg_60w_firmwareatp500_firmwarevpn50_firmwareatp700_firmwareatp800_firmwareatp800usg_20w-vpnusg_flex_700usg_60wusg_flex_100watp100USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33010
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.85% / 90.64%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp500_firmwareatp100w_firmwareusg_flex_700_firmwareusg_40w_firmwareusg_40wusg_flex_50w_firmwareusg20-vpn_firmwareatp700_firmwarevpn100atp800usg_60w_firmwareusg_flex_200_firmwareusg_flex_100wusg_60wvpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_60_firmwareusg_20w-vpn_firmwareusg20-vpnusg_60usg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareusg_40_firmwareusg_40atp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wusg_20w-vpnatp500USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-27989
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 71.82%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 11:02
Updated-08 Jan, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte7490-m904_firmwarenr7101_firmwarelte7490-m904nebula_nr7101lte7480-m804lte7480-m804_firmwarenebula_nr7101_firmwarenr7101NR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28769
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-72.19% / 98.78%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx5401-b0_firmwaredx5401-b0DX5401-B0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-9197
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.39% / 59.94%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:24
Updated-21 Jan, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwareex5600-t1ex3300-t0dx5401-b1_firmwareemg5723-t50kee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwareex5601-t0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1dx4510-b1wx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1px5301-t0_firmwareex3510-b1ex5600-t1_firmwaredx4510-b0dx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0ex5601-t1dx3300-t0ex5401-b0_firmwarepx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0vmg3927-t50k_firmwareex5401-b1ex7501-b0_firmwareemg3525-t50b_firmwarevmg3625-t50bax7501-b0_firmwarevmg8623-t50b_firmwareemg5723-t50k_firmwareex5501-b0ex3600-t0dx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0ex3510-b1_firmwaredx5401-b0vmg3927-t50kex3501-t0vmg3625-t50b_firmwareVMG3625-T50B firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8882
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.10% / 26.12%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 01:23
Updated-14 Nov, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-16_firmwaregs1900-10hp_firmwaregs1900-16GS1900-48 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7673
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.42% / 80.76%
||
7 Day CHG+0.70%
Published-16 Jul, 2025 | 07:11
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg1312-t20bemg5723-t50k_firmwarevmg3927-t50kvmg8825-b50avmg8924-b10d_firmwarexmg8825-b50avmg8825-t50k_firmwarevmg3925-b10bemg5523-t50bxmg8825-b50a_firmwarevmg4005-b50b_firmwarevmg3927-t50k_firmwarevmg3927-b50bvmg8825-b60aemg3525-t50b_firmwareemg6726-b10avmg8825-b60a_firmwarevmg3625-t50b_firmwarevmg8825-t50kvmg3927-b50avmg4927-b50avmg3927-b60a_firmwareex5510-b0vmg3925-b10b_firmwarevmg8825-bx0b_firmwarevmg3925-b10cxmg3927-b50a_firmwarevmg4927-b50a_firmwarevmg3927-b50b_firmwarevmg3625-t50bex3510-b0vmg1312-t20b_firmwareemg5523-t50b_firmwareex3510-b0_firmwarevmg8623-t50b_firmwarevmg8924-b10demg3525-t50bemg5723-t50kvmg8623-t50bvmg3927-b50a_firmwarevmg8825-bx0bvmg8825-b50a_firmwarevmg3925-b10c_firmwareemg6726-b10a_firmwareex5510-b0_firmwarevmg3927-b60axmg3927-b50avmg4005-b50bVMG8825-T50K firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22924
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.69% / 72.09%
||
7 Day CHG+0.22%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg-418n_firmwarenbg-418nNBG-418N v2 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37926
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.61%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:37
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6343
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.24% / 47.75%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:28
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43392
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 68.49%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-25 Feb, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602lte7461-m602ex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50avmg3927-t50k_firmwarepmg5617-t20b2_firmwareax7501-b0_firmwarepmg5617-t20b2pmg5617ganebula_lte3301-plusnr7102_firmwarepm5100-t0_firmwarelte7480-m804_firmwarelte7490-m904_firmwarelte5388-m804ax7501-b0nebula_nr5101vmg3927-t50kex5401-b0_firmwaredx5401-b0wx3401-b0lte7480-m804nebula_lte3301-plus_firmwarenebula_lte7461-m602_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwaredx5401-b0_firmwareemg3525-t50b_firmwarepm3100-t0ex5401-b0vmg8825-t50klte5388-m804_firmwarelte7490-m904ex5501-b0lte7480-s905nr7102nr7101_firmwareemg3525-t50bemg5723-t50klte7480-s905_firmwareex5510-b0_firmwarewx3100-t0lte7485-s905ex5601-t1pmg5317-t20b_firmwareex5501-b0_firmwarewx3401-b0_firmwarelte7240-m403pm7300-t0lte3301-plus_firmwarelte7485-s905_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwaredx3301-t0ex3301-t0ex3510-b0lte5398-m904ex5600-t1nebula_nr7101_firmwarepmg5622gawx5600-t0_firmwarepmg5622ga_firmwarenr5101_firmwarepmg5317-t20bpmg5617ga_firmwaredx4510-b1dx3301-t0_firmwarelte5398-m904_firmwarevmg8825-t50k_firmwarevmg4005-b50a_firmwarevmg8623-t50bpm7320-b0_firmwareex5601-t0_firmwareex5600-t1_firmwarenebula_nr5101_firmwareex3301-t0_firmwarepm7320-b0vmg4005-b60alte7461-m602_firmwareex5601-t0ex3510-b0_firmwarewx3100-t0_firmwarenr5101ex5512-t0_firmwarepm5100-t0wx5600-t0emg5523-t50b_firmwarenebula_nr7101dx4510-b1_firmwarenr7101lte3301-pluslte7240-m403_firmwareemg5523-t50bpm3100-t0_firmwareNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43391
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.42% / 80.78%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-25 Feb, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602lte7461-m602ex5601-t1_firmwareex5510-b0ex5512-t0vmg4005-b50avmg3927-t50k_firmwarepmg5617-t20b2_firmwareax7501-b0_firmwarepmg5617-t20b2pmg5617ganebula_lte3301-plusnr7102_firmwarepm5100-t0_firmwarelte7480-m804_firmwarelte7490-m904_firmwarelte5388-m804ax7501-b0nebula_nr5101vmg3927-t50kex5401-b0_firmwaredx5401-b0wx3401-b0lte7480-m804nebula_lte3301-plus_firmwarenebula_lte7461-m602_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwaredx5401-b0_firmwareemg3525-t50b_firmwarepm3100-t0ex5401-b0vmg8825-t50klte5388-m804_firmwarelte7490-m904ex5501-b0lte7480-s905nr7102nr7101_firmwareemg3525-t50bemg5723-t50klte7480-s905_firmwareex5510-b0_firmwarewx3100-t0lte7485-s905ex5601-t1pmg5317-t20b_firmwareex5501-b0_firmwarewx3401-b0_firmwarelte7240-m403pm7300-t0lte3301-plus_firmwarelte7485-s905_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwaredx3301-t0ex3301-t0ex3510-b0lte5398-m904ex5600-t1nebula_nr7101_firmwarepmg5622gawx5600-t0_firmwarepmg5622ga_firmwarenr5101_firmwarepmg5317-t20bpmg5617ga_firmwaredx4510-b1dx3301-t0_firmwarelte5398-m904_firmwarevmg8825-t50k_firmwarevmg4005-b50a_firmwarevmg8623-t50bpm7320-b0_firmwareex5601-t0_firmwareex5600-t1_firmwarenebula_nr5101_firmwareex3301-t0_firmwarepm7320-b0vmg4005-b60alte7461-m602_firmwareex5601-t0ex3510-b0_firmwarewx3100-t0_firmwarenr5101ex5512-t0_firmwarepm5100-t0wx5600-t0emg5523-t50b_firmwarenebula_nr7101dx4510-b1_firmwarenr7101lte3301-pluslte7240-m403_firmwareemg5523-t50bpm3100-t0_firmwareNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-43389
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.6||HIGH
EPSS-1.45% / 81.01%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3202-m437pmg5317-t20bpm7320-b0_firmwarepm7320-b0nebula_fwa710nr7102nr5103e_firmwarenebula_nr7101pmg5617ganr7103_firmwarenebula_fwa510nr7102_firmwarenr7101nebula_fwa510_firmwareep240p_firmwarenr7101_firmwarelte7490-m904nr7103nebula_fwa710_firmwarelte3316-m604_firmwarepmg5622galte7480-m804_firmwarenr5103enebula_nr7101_firmwarepmg5317-t20b_firmwarelte7490-m904_firmwarepmg5622ga_firmwarelte3316-m604nr5103_firmwarelte3202-m437_firmwarenr5103pmg5617ga_firmwarelte7480-m804ep240pNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0816
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.45%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 01:29
Updated-22 Jan, 2025 | 22:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nebula_lte7461-m602_firmwarelte5388-m804_firmwareex3510_firmwarelte5398-m904ex5600-t1_firmwareex3501-t0vmg4005-b60alte5388-m804lte7480-m804_firmwaredx4510_firmwarenr5103edx4510dx5401-b0_firmwarevmg8623-t50b_firmwareex3320-t0pm7300-t0lte7490-m904_firmwarenr7303_firmwarenebula_fwa510nr7501_firmwarevmg4005-b60a_firmwarepx3321-t1_firmwarewx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50blte3301-plusex3320-t1_firmwarenebula_fwa710nr7101_firmwareex7710-b0_firmwarenr5307dx5401-b1ex7710-b0nr7302ax7501-b1nebula_lte3301-plusdx3300-t1_firmwarenebula_fwa505ex5600-t1wx5600-t0_firmwarenr7303ax7501-b0_firmwareex3510ex5601-t1_firmwarevmg8623-t50bnebula_nr7101_firmwarenr7103vmg3927-t50k_firmwarenebula_nr5101wx3100-t0nr5103ev2nebula_fwa710_firmwarenebula_nr5101_firmwarevmg4005-b50a_firmwarenebula_fwa510_firmwarenr5307_firmwareex3300-t1_firmwarepm5100-t0ex3500-t0_firmwarelte5398-m904_firmwaredx5401-b0nebula_lte3301-plus_firmwareex3501-t0_firmwarepx3321-t1ex5510vmg8825-t50kvmg3625-t50b_firmwarenr7302_firmwarenebula_fwa505_firmwarepm3100-t0wx3401-b0_firmwarewx5610-b0ex5401-b0lte7480-m804vmg3927-t50kex5401-b1_firmwarenbg7510_firmwarenr7501vmg4005-b50aex5601-t0_firmwareex5401-b0_firmwareex3301-t0nr7103_firmwareemg5723-t50kdx3300-t1ex3320-t1nr7102wx5610-b0_firmwarenebula_nr7101dx5401-b1_firmwareex5601-t1ex3320-t0_firmwarenr7102_firmwareex5512-t0_firmwarewx5600-t0wx3401-b0lte3202-m437ax7501-b1_firmwarenr5103ex3301-t0_firmwareemg5523-t50bemg5523-t50b_firmwareex5501-b0lte3301-plus_firmwarepm5100-t0_firmwarepm7300-t0_firmwareex3300-t1vmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5601-t0ex5510_firmwarepm3100-t0_firmwarenr5103_firmwarenr7101lte7490-m904emg3525-t50b_firmwarenebula_lte7461-m602dx3301-t0_firmwareax7501-b0ex5512-t0ex3500-t0lte3202-m437_firmwarenbg7510ex5501-b0_firmwarenr5103ev2_firmwarelte7240-m403lte7240-m403_firmwarenr5103e_firmwareDX3300-T1 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4397
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.45%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:42
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_700vpn50wusg_flex_100wusg_flex_500usg_flex_50ATP series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmware USG FLEX 50(W) series firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-42278
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.26%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().

Action-Not Available
Vendor-hutooln/a
Product-hutooln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-6711
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 14:53
Updated-25 Sep, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwarertu500RTU500 series CMU Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-30075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).

Action-Not Available
Vendor-openairinterfacen/a
Product-oai-cn5g-amfn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-28959
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-29242
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.05% / 77.78%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 14:55
Updated-23 Apr, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow on creating key transport blob in GOST Engine

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround.

Action-Not Available
Vendor-gost_engine_projectgost-engine
Product-gost_engineengine
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-30033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.12%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:18
Updated-03 Aug, 2024 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_pron/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-51888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.53%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-05 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.

Action-Not Available
Vendor-ctann/a
Product-mathtexn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50991
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.94% / 94.14%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 00:00
Updated-13 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29_firmwarei29n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 77.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2023 | 00:00
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

Action-Not Available
Vendor-unrealircdn/a
Product-unrealircdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-48704
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.47% / 64.91%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 15:18
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated heap buffer overflow in Gorrila codec decompression

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.

Action-Not Available
Vendor-clickhouseClickHouse
Product-clickhouse_cloudclickhouseClickHouse
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.95%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46847
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-38.21% / 97.28%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 07:58
Updated-25 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Action-Not Available
Vendor-Red Hat, Inc.Squid Cache
Product-enterprise_linux_serversquidenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_arm_64Red Hat Enterprise Linux 7.7 Advanced Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46283
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.05%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-14 Jan, 2025 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalSIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Opcenter Execution FoundationOpcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V15.1SINEC NMS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46284
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.05%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-25 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalOpcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V15.1Totally Integrated Automation Portal (TIA Portal) V16SIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V14SINEC NMSOpcenter Quality
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-24114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 00:00
Updated-03 Mar, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w20e_firmwarew20en/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-27008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 62.04%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 14:04
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-27881
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 78.09%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 17:13
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-24112
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 00:00
Updated-03 Mar, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w20e_firmwarew20en/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44837
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found