Skip to main content

Gs1900 8 Firmware CVE-2024-8882

MEDIUM
Classic Buffer Overflow (CWE-120)
2024-11-12 security@zyxel.com.tw
4.5
CVSS 3.1 · Vendor: zyxel
Share

Severity by source

Vendor (zyxel) PRIMARY
4.5 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (zyxel) · only source for this CVE.

CVSS VectorVendor: zyxel

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 12, 2024 - 02:15 cve.org
MEDIUM 4.5

DescriptionCVE.org

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

AnalysisAI

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-10Hp Firmware, Zyxel Gs1900-16 Firmware, Zyxel Gs1900-24 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2019-15800 CRITICAL POC
9.8 Nov 14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8),

CVE-2019-15803 CRITICAL POC
9.1 Nov 14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1),

CVE-2019-15799 HIGH POC
8.8 Nov 14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), thi

CVE-2019-15804 HIGH POC
7.5 Nov 14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), thi

CVE-2019-15801 HIGH POC
7.5 Nov 14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), thi

CVE-2019-15802 MEDIUM POC
5.9 Nov 14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), t

CVE-2026-7273 HIGH
8.8 Jun 16

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10H

CVE-2021-35031 HIGH
8.0 Dec 28

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware

CVE-2021-35032 HIGH
7.8 Dec 28

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local u

CVE-2024-8881 MEDIUM
6.8 Nov 12

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version

CVE-2024-38270 MEDIUM
6.5 Sep 10

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authe

CVE-2015-7256 MEDIUM
5.9 Sep 28

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A,

Share

CVE-2024-8882 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy