CVE-2024-9197

Name of the Vulnerable Software and Affected Versions Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0

Description A post-authentication buffer overflow vulnerability in the action parameter of the CGI program could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

Recommendations For Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0, as a temporary workaround, consider disabling the ZyEE function until a patch is available. Restrict access to the CGI program to minimize the risk of exploitation. Avoid using the action parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.