Zyxel CPE/ONT/Router Memory Corruption Vulnerabilities (CVE-2024-38266~38269) Security Advisory

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions. 2. CVE IDs: CVE-2024-38266, CVE-2024-38267, CVE-2024-38268, CVE-2024-38269. 3. Vulnerability Description: - CVE-2024-38266: In certain DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions, improper boundary checks in the parameter type parser allow an authenticated attacker with administrative privileges to cause potential memory corruption, leading to thread crashes on affected devices. - CVE-2024-38267: In certain DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions, improper boundary checks in the IPv6 address parser allow an authenticated attacker with administrative privileges to cause potential memory corruption, leading to thread crashes on affected devices. 4. Affected Versions: - DSL/Ethernet CPE: DX3300-T0, DX3300-T1, DX3301-T0, DX4510-B0, DX4510-B1, DX5401-B0, DX5401-B1, EX3300-T0, EX3300-T1, EX3301-T0, EX3500-T0, EX3501-T0, EX3510-B0, EX3510-B1, EX3510-B1, EX3600-T0, EX5401-B0, EX5401-B1, EX5510-B0, EX5512-T0, EX5601-T0, EX5601-T1, EX7501-B0, EX7710-B0, EMG3525-T50B, EMG5523-T50B, EMG5723-T50K, VMG3625-T50B, VMG3927-T50K, VMG4005-B50A, VMG4005-B60A, VMG8623-T50B, VMG8825-T50K, AX7501-B0, AX7501-B1, PM3100-T0, PM5100-T0, PM7300-T0, PX3321-T1, SCR50AXE, WX3100-T0, WX3401-B0, WX5600-T0. - Fiber ONT: PM3100-T0, PM5100-T0, PM7300-T0, PX3321-T1. - Security Router: SCR50AXE, WX3100-T0, WX3401-B0, WX5600-T0. - Wi-Fi Extender: PM3100-T0, PM5100-T0, PM7300-T0, PX3321-T1. 5. Patch Availability: Patch versions are provided for each affected model. 6. Contact Information: Users are advised to contact Zyxel’s sales representative or support team to obtain the patch files. 7. Disclaimer: The table does not include models based on project-specific Internet Service Providers (ISPs). 8. Revision History: September 24, 2024: Initial release. This information helps users identify which devices and versions are vulnerable and take appropriate actions to secure their equipment.

Goal Reached Thanks to every supporter — we hit 100%!

Zyxel CPE/ONT/Router Memory Corruption Vulnerabilities (CVE-2024-38266~38269) Security Advisory