Vulnerabilities > Zyxel > Dx5401 B0 Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-09-24 CVE-2024-38267 Unspecified vulnerability in Zyxel products
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
network
low complexity
zyxel
4.9
2024-09-24 CVE-2024-38268 Unspecified vulnerability in Zyxel products
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
network
low complexity
zyxel
4.9
2024-09-24 CVE-2024-38269 Unspecified vulnerability in Zyxel products
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
network
low complexity
zyxel
4.9
2024-09-03 CVE-2024-5412 Classic Buffer Overflow vulnerability in Zyxel products
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
network
low complexity
zyxel CWE-120
7.5
2023-04-27 CVE-2023-28769 Classic Buffer Overflow vulnerability in Zyxel Dx5401-B0 Firmware
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
network
low complexity
zyxel CWE-120
critical
9.8
2023-04-27 CVE-2023-28770 Unspecified vulnerability in Zyxel Dx5401-B0 Firmware
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.
network
low complexity
zyxel
7.5
2023-01-11 CVE-2022-43390 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
network
low complexity
zyxel CWE-78
8.8
2022-04-11 CVE-2022-26413 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
low complexity
zyxel CWE-78
8.0
2022-04-11 CVE-2022-26414 Classic Buffer Overflow vulnerability in Zyxel products
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
local
low complexity
zyxel CWE-120
5.5
2022-03-01 CVE-2021-35036 Cleartext Storage of Sensitive Information vulnerability in Zyxel products
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
network
low complexity
zyxel CWE-312
6.5