CVE-2024-42058

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.38 Zyxel USG FLEX series versions V4.50 through V5.38 Zyxel USG FLEX 50(W) series versions V5.20 through V5.38 Zyxel USG20(W)-VPN series versions V5.20 through V5.38

Description A null pointer dereference issue could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device. This issue is related to errors in pointer dereferencing, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For Zyxel ATP series versions V4.32 through V5.38, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX series versions V4.50 through V5.38, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX 50(W) series versions V5.20 through V5.38, update to a version outside of this range to mitigate the risk. For Zyxel USG20(W)-VPN series versions V5.20 through V5.38, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable devices until a patch is available.