Lte3301 Plus Firmware
CVE-2024-8748
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (zyxel) · only source for this CVE.
CVSS VectorVendor: zyxel
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
AnalysisAI
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device. Affected products include: Zyxel Lte3301-Plus Firmware, Zyxel Lte5388-M804 Firmware, Zyxel Lte5398-M904 Firmware, Zyxel Lte7480-M804 Firmware, Zyxel Lte7490-M904 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
More in Lte3301 Plus Firmware
View allCommand injection in Zyxel EX3510-B0 router UPnP functionality via firmware versions through 5.17. Allows remote code ex
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local a
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware ve
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions thro
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today