Vulnerability Details : CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2023-37929
- cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50\(abpm.8\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50\(abpm.8\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:emg5723-t50k_firmware:5.50\(abom.8.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50\(abpm.8\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg3927-t50k_firmware:5.50\(abom.8.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50\(abpm.8\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg8825-t50k_firmware:5.50\(abom.8.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx5401-b0_firmware:5.17\(abyo.5\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5401-b0_firmware:5.17\(abyo.5\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5501-b0_firmware:5.17\(abry.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ax7501-b0_firmware:5.17\(abpc.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx3301-t0_firmware:5.50\(aby.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nbg7510_firmware:1.00\(abzy.5\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3301-t0_firmware:5.50\(aby.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5512-t0_firmware:5.70\(aceg.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5600-t1_firmware:5.70\(acdz.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5601-t0_firmware:5.70\(acdz.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5601-t1_firmware:5.70\(acdz.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:wx3100-t0_firmware:5.50\(abl.3\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:wx5600-t0_firmware:5.70\(aceb.2\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx3300-t1_firmware:5.50\(aby.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ax7501-b1_firmware:5.17\(abpc.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex7710-b0_firmware:5.18\(acak.0\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5401-b1_firmware:5.17\(abyo.5\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3501-t0_firmware:5.44\(achr.0\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3500-t0_firmware:5.44\(achr.0\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3300-t1_firmware:5.50\(aby.4\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17\(abyo.5\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:wx5610-b0_firmware:5.18\(acgj.0\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx4510_firmware:5.17\(abyl.5\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3510_firmware:5.17\(abup.9\)c0:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5510_firmware:5.17\(abqx.8\)c0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37929
0.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-37929
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
Zyxel Corporation | 2024-05-21 |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
Zyxel Corporation | 2024-05-21 |
CWE ids for CVE-2023-37929
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by:
- 96e50032-ad0d-4058-a115-4d2c13821f9f (Primary)
- security@zyxel.com.tw (Secondary)
References for CVE-2023-37929
-
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024
Zyxel security advisory for buffer overflow vulnerabilities in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices | Zyxel NetworksVendor Advisory
Jump to