CVERadar

CVE-2024-9197

Medium Severity
Vendor: Zyxel
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00061/1

CVE-2024-9197 is a post-authentication buffer overflow in Zyxel VMG3625-T50B routers running firmware versions through V5.50(ABPM.9.2)C0. An authenticated attacker with administrator privileges can use it to trigger a denial of service (DoS).

The flaw sits in the handling of the "action" parameter of the device's CGI program. A crafted HTTP GET request carrying an overlong "action" value overruns a fixed-size buffer (CWE-120, buffer copy without checking size of input) and makes the web management interface temporarily unavailable. No CVSSv3 score is recorded on this page; the SOCRadar Vulnerability Risk Score (SVRS) is 30, a moderate level of risk that stays well below the critical band (SVRS above 80). Because exploitation requires administrator credentials, exposure is narrower than for a pre-authentication bug, but a DoS of the management interface still disrupts network administration, and an attacker who already holds admin credentials or a valid session can repeat it at will. The Affected Software list below tracks the same issue across many other Zyxel CPE, ONT and extender firmware lines, matching the scope of the Zyxel advisory under References. The fix CWE-120 points to is a length check of the parameter against the destination buffer before the copy, rejecting values that do not fit.

In The Wild
2024-12-03

2025-01-21
SOCRadar AI Insight

Description

CVE-2024-9197 is a post-authentication buffer overflow in the "action" parameter of the CGI program on Zyxel VMG3625-T50B firmware through V5.50(ABPM.9.2)C0; an authenticated administrator can use it to cause a denial of service. No CVSSv3 score is recorded on this page, so no quantitative CVSS assessment is available here. SOCRadar's SVRS (SOCRadar Vulnerability Risk Score) assigns 30, a moderate level of risk. The vulnerability is tagged "In The Wild", indicating that exploitation has been reported, although this page lists no IOCs and no public exploit for it.

Key Insights

  • Limited Scoring: No CVSSv3 score is recorded here, so severity rests on the vendor description (post-authentication, DoS impact) and on the SVRS rather than on a CVSS vector.
  • Reported Exploitation: The "In The Wild" tag suggests attackers are using this vulnerability in real-world attacks, so it deserves prompt attention. No IOCs or exploit code are listed on this page, so detection has to rely on the request pattern (an oversized "action" value sent by an authenticated session) and on unexplained web-interface outages rather than on known indicators.
  • Moderate SVRS: The SVRS of 30 points to a moderate level of risk. It is not critical, but it still warrants heightened awareness and prompt remediation.
  • Unknown Threat Actors: No specific threat actor is associated with this vulnerability, so mitigation should assume it could be used by anyone who obtains administrator credentials for the device.

Mitigation Strategies

  • Patching: Apply the fixed firmware referenced in the Zyxel security advisory linked under References. VMG3625-T50B firmware through V5.50(ABPM.9.2)C0 is affected; prioritize devices whose web management interface is reachable from untrusted networks.
  • Limit Management Exposure: Exploitation is post-authentication, so the attack surface is the administrator login. Do not expose the web management interface on the WAN side, restrict it to a management VLAN or trusted addresses, and use strong, unique administrator passwords. Keep sensitive systems segmented from public-facing networks and devices so that a management outage or a compromised admin account stays contained.
  • Threat Intelligence: Monitor for new information about CVE-2024-9197 and related exploit activity through threat intelligence feeds and vendor security advisories.
  • Enhanced Monitoring: Log administrative access to the device and watch for GET requests to the CGI interface with unusually long "action" parameter values, as well as for unexplained restarts or unavailability of the web management interface. Where an IDS/IPS sits in front of the device, a rule on the oversized parameter length can block the request before it reaches the CGI program.
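The buffer-overflow pattern described in the summary above and the monitoring advice in this list, as one added example in C (chosen because the bug is a native overflow in router firmware). This is not Zyxel's code and not SOCRadar's; the actual CGI program, its buffer size and its URL path are not disclosed on this page. The path /cgi-bin/main.cgi, the 32-byte buffer, the 31-byte alert threshold, the function names and the access-log lines are all constructed assumptions for illustration.

```c
/* Added example, not Zyxel code: the CWE-120 shape behind a CGI "action"
 * overflow, a bounded replacement, and an access-log check for oversized
 * values. CGI path, 32-byte buffer, threshold and log lines are assumptions. */
#include <stdio.h>
#include <string.h>
#define ACTION_BUF 32   /* assumed size of the fixed destination buffer */

/* Locate `name` in "a=1&action=x&b=2": returns the value and stores its
 * length, NULL if absent. Whole-name match only; no percent-decoding. */
static const char *find_param(const char *query, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    for (const char *p = query; p; p = strchr(p, '&'), p = p ? p + 1 : NULL) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1, *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
    }
    return NULL;
}

/* Vulnerable shape (CWE-120): no length check, so a value longer than
 * ACTION_BUF-1 bytes overruns the stack. Contrast only; never call on
 * input you do not control. */
int handle_action_vulnerable(const char *query)
{
    char action[ACTION_BUF];
    size_t len = 0;
    const char *v = find_param(query, "action", &len);
    if (!v) return -1;
    memcpy(action, v, len);          /* no bound on len */
    action[len] = '\0';
    return (int)strlen(action);
}

/* Bounded replacement: reject rather than truncate, so the caller can
 * answer 400 and log the attempt. */
int handle_action_safe(const char *query, char *out, size_t outsz)
{
    size_t len = 0;
    const char *v = find_param(query, "action", &len);
    if (!v) return -1;               /* parameter missing */
    if (len >= outsz) return -2;     /* would not fit */
    memcpy(out, v, len);
    out[len] = '\0';
    return (int)len;
}

/* "action=" followed by n 'A' bytes, through the bounded handler. */
int probe_overlong_action(size_t n)
{
    char query[256], out[ACTION_BUF];
    if (n + 8 > sizeof query) return -99;
    memcpy(query, "action=", 7);
    memset(query + 7, 'A', n);
    query[7 + n] = '\0';
    return handle_action_safe(query, out, sizeof out);
}

/* Detection: length of the "action" value in a logged GET request line,
 * or -1 when the line has no GET with that parameter. */
int action_len_in_logline(const char *line)
{
    const char *req = strstr(line, "\"GET ");
    if (!req) return -1;
    const char *q = strchr(req + 5, '?'), *sp = strchr(req + 5, ' ');
    if (!q || !sp || q > sp) return -1;     /* no query string */
    char query[1024];
    size_t len = 0, qlen = (size_t)(sp - q - 1);
    if (qlen >= sizeof query) qlen = sizeof query - 1;
    memcpy(query, q + 1, qlen);
    query[qlen] = '\0';
    return find_param(query, "action", &len) ? (int)len : -1;
}

/* Count lines whose "action" value is at least `threshold` bytes long. */
int count_oversized_actions(const char *const *lines, size_t n, size_t threshold)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        int len = action_len_in_logline(lines[i]);
        if (len >= 0 && (size_t)len >= threshold) hits++;
    }
    return hits;
}

/* Constructed sample log; the second line carries a 64-byte action value. */
static const char *const SAMPLE_LOG[] = {
    "192.0.2.10 - admin [03/Dec/2024:10:15:22 +0000] \"GET /cgi-bin/main.cgi?action=login HTTP/1.1\" 200 512",
    "192.0.2.10 - admin [03/Dec/2024:10:15:40 +0000] \"GET /cgi-bin/main.cgi?sid=7&action="
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\" 500 0",
    "198.51.100.7 - - [03/Dec/2024:10:16:01 +0000] \"POST /login.cgi HTTP/1.1\" 200 128",
};
#define SAMPLE_LOG_N (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

int main(void) {
    printf("100 x 'A' through the bounded handler -> %d\n", probe_overlong_action(100));
    printf("oversized actions in sample log: %d\n",
           count_oversized_actions(SAMPLE_LOG, SAMPLE_LOG_N, ACTION_BUF - 1));
    return 0;
}
```

Build with `cc -Wall -o action_check action_check.c`. The bounded handler rejects instead of truncating because a silently shortened "action" can still be a valid command and hides the attempt from the logs; returning an error lets the CGI answer 400 and record the source address and session. The log check only needs the length of the parameter, so it skips percent-decoding; a decoder would be required if the threshold were applied to decoded bytes.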

Additional Information: If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Tageszusammenfassung (daily summary) - 03.12.2024
CERT.at, 2025-02-01
End-of-Day report. Timeframe: Monday 02-12-2024 18:00 - Tuesday 03-12-2024 18:00. Handler: Michael Schlagenhaufer. Co-Handler: n/a. News: Building Cyber Resilience Against Ransomware Attacks. This is the first blogpost in this series. Its aim is twofold: to enable organizations embarking on a journey to build resilience against ransomware to recognize common misconceptions hindering readiness efforts and offer a conceptual framework to…
Source: cert.at

CVE-2024-9197 | Zyxel VMG3625-T50B up to V5.50(ABPM.9.2)C0 CGI Program action buffer overflow
vuldb.com, 2024-12-03
A vulnerability was found in Zyxel VMG3625-T50B up to V5.50(ABPM.9.2)C0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component CGI Program. The manipulation of the argument action leads to buffer overflow. This vulnerability is known as CVE-2024-9197.
Source: vuldb.com

Social Media

CVE-2024-9197 A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could… https://t.co/8Qf4ijXEYy

Affected Software

Configuration | Type | Vendor | Product
3 | OS | Zyxel | dx3301-t0_firmware
5 | OS | Zyxel | dx4510-b1_firmware
6 | OS | Zyxel | dx5401-b0_firmware
11 | OS | Zyxel | ex3301-t0_firmware
14 | OS | Zyxel | ex3510-b0_firmware
16 | OS | Zyxel | ex5401-b0_firmware
18 | OS | Zyxel | ex5501-b0_firmware
20 | OS | Zyxel | ex5600-t1_firmware
21 | OS | Zyxel | ex5601-t0_firmware
22 | OS | Zyxel | ex5601-t1_firmware
24 | OS | Zyxel | emg3525-t50b_firmware
25 | OS | Zyxel | emg5523-t50b_firmware
26 | OS | Zyxel | emg5723-t50k_firmware
27 | OS | Zyxel | vmg3625-t50b_firmware
28 | OS | Zyxel | vmg3927-t50k_firmware
29 | OS | Zyxel | vmg8623-t50b_firmware
30 | OS | Zyxel | vmg8825-t50k_firmware
31 | OS | Zyxel | ax7501-b0_firmware
37 | OS | Zyxel | wx5600-t0_firmware

References

Source | Link
[email protected] | https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024

CWE Details

CWE ID | CWE Name | Description
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
