Lucene search

K
cve[email protected]CVE-2022-26414
HistoryApr 11, 2022 - 1:15 p.m.

CVE-2022-26414

2022-04-1113:15:07
CWE-120
web.nvd.nist.gov
81
2
zyxel
vmg3312-t20a
firmware
buffer overflow
cve-2022-26414
nvd
denial of service

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

Affected configurations

NVD
Node
zyxelvmg3312-t20a_firmwareMatch5.30\(abfx.5\)c0
AND
zyxelvmg3312-t20aMatch-
Node
zyxelemg3525-t50b_firmwareRange<5.50\(abpm.6\)c0america
OR
zyxelemg3525-t50b_firmwareRange<5.50\(abpm.6\)c0emea
AND
zyxelemg3525-t50bMatch-
Node
zyxelemg5523-t50b_firmwareRange<5.50\(abpm.6\)c0america
OR
zyxelemg5523-t50b_firmwareRange<5.50\(abpm.6\)c0emea
AND
zyxelemg5523-t50bMatch-
Node
zyxelemg5723-t50k_firmwareRange<5.50\(abom.7\)c0
AND
zyxelemg5723-t50kMatch-
Node
zyxelemg6726-b10a_firmwareRange<5.13\(abnp.7\)c0
AND
zyxelemg6726-b10aMatch-
Node
zyxelvmg1312-t20b_firmwareRange<5.50\(absb.5\)c0
AND
zyxelvmg1312-t20bMatch-
Node
zyxelvmg3625-t50b_firmwareRange<5.50\(abpm.6\)c0
AND
zyxelvmg3625-t50bMatch-
Node
zyxelvmg3927-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg3927-b50aMatch-
Node
zyxelvmg3927-b50b_firmwareRange<5.13\(ably.7\)c0
AND
zyxelvmg3927-b50bMatch-
Node
zyxelvmg3927-b60a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg3927-b60aMatch-
Node
zyxelvmg3927-t50k_firmwareRange<5.50\(abom.7\)c0
AND
zyxelvmg3927-t50kMatch-
Node
zyxelvmg4927-b50a_firmwareRange<5.13\(ably.7\)c0
AND
zyxelvmg4927-b50aMatch-
Node
zyxelvmg8623-t50b_firmwareRange<5.50\(abpm.6\)c0
AND
zyxelvmg8623-t50bMatch-
Node
zyxelvmg8825-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg8825-b50aMatch-
Node
zyxelvmg8825-b50b_firmwareRange<5.17\(abny.7\)c0
AND
zyxelvmg8825-b50bMatch-
Node
zyxelvmg8825-t50k_firmwareRange<5.50\(abom.7\)c0
AND
zyxelvmg8825-t50kMatch-
Node
zyxelvmg8825-b60a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg8825-b60aMatch-
Node
zyxelvmg8825-b60b_firmwareRange<5.17\(abny.7\)c0
AND
zyxelvmg8825-b60bMatch-
Node
zyxelxmg3927-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelxmg3927-b50aMatch-
Node
zyxelxmg8825-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelxmg8825-b50aMatch-
Node
zyxeldx5401-b0_firmwareRange<5.17\(abyo.1\)c0
AND
zyxeldx5401-b0Match-
Node
zyxelex3510-b0_firmwareRange<5.17\(abup.4\)c1
AND
zyxelex3510-b0Match-
Node
zyxelex5401-b0_firmwareRange<5.17\(abyo.1\)c0
AND
zyxelex5401-b0Match-
Node
zyxelex5501-b0_firmwareRange<5.17\(abry.2\)c0
AND
zyxelex5501-b0Match-
Node
zyxelax7501-b0_firmwareRange<5.17\(abpc.1\)c0
AND
zyxelax7501-b0Match-
Node
zyxelep240p_firmwareRange<5.40\(abh.0\)c0
AND
zyxelep240pMatch-
Node
zyxelpm7300-t0_firmwareRange<5.42\(acbc.1\)c0
AND
zyxelpm7300-t0Match-
Node
zyxelpmg5317-t20b_firmwareRange<5.40\(abki.4\)c0
AND
zyxelpmg5317-t20bMatch-
Node
zyxelpmg5617ga_firmwareRange<5.40\(abna.2\)c0
AND
zyxelpmg5617gaMatch-
Node
zyxelpmg5617-t20b2_firmwareRange<5.41\(acbb.1\)c0
AND
zyxelpmg5617-t20b2Match-
Node
zyxelpmg5622ga_firmwareRange<5.40\(abnb.2\)c0
AND
zyxelpmg5622gaMatch-
Node
zyxelpx7501-b0_firmwareRange<5.17\(abpc.1\)c0
AND
zyxelpx7501-b0Match-

CNA Affected

[
  {
    "product": "VMG3312-T20A firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.30(ABFX.5)C0"
      }
    ]
  }
]

Social References

More

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2022-26414