Cyber Resilience

CVE-2024-9197

Medium

Published: 03 December 2024
Modified: 21 January 2025
KEV Added
Patch
CVSS Score (v3.1): 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0039 (60.2nd percentile)
Risk Priority: 10 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-9197 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Zyxel Px3321-T1 Firmware. Its CVSS base score is 4.9 (Medium).

Operationally, it ranks in the top 39.8% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zyxel dx3300-t0 firmware: ≤ 5.50(aby.5.4)c0
zyxel dx3300-t1 firmware: ≤ 5.50(aby.5.4)c0
zyxel dx3301-t0 firmware: ≤ 5.50(aby.5.4)c0
zyxel dx4510-b0 firmware: ≤ 5.17(abyl.8)c0
zyxel dx4510-b1 firmware: ≤ 5.17(abyl.8)c0
zyxel dx5401-b0 firmware: ≤ 5.17(abyo.6.4)c0
zyxel dx5401-b1 firmware: ≤ 5.17(abyo.6.4)c0
zyxel ee6510-10 firmware: ≤ 5.19(acjq.1)c0
zyxel ex3300-t0 firmware: ≤ 5.50(aby.5.4)c0
zyxel ex3300-t1 firmware: ≤ 5.50(aby.5.4)c0
+26 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-120: implementing the affected component in platform-independent managed (memory-safe) code removes the unchecked native buffer copies that are the root cause of classic buffer overflows.

References