CVE-2024-5412

Q: What is the severity of CVE-2024-5412?

CVE-2024-5412 has a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability in the libclinkc library of Zyxel VMG8825-T50K firmware allows unauthenticated attackers to cause denial of service by sending crafted HTTP requests. This affects Zyxel 5G NR CPE, DSL/Ethernet CPE, Fiber ONT, WiFi Extender, and security router devices. Attackers can disrupt device functionality without authentication.

7.5 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in the libclinkc library of Zyxel VMG8825-T50K firmware allows unauthenticated attackers to cause denial of service by sending crafted HTTP requests. This affects Zyxel 5G NR CPE, DSL/Ethernet CPE, Fiber ONT, WiFi Extender, and security router devices. Attackers can disrupt device functionality without authentication.

💻 Affected Systems

Products:

Zyxel VMG8825-T50K
Various Zyxel 5G NR CPE devices
Zyxel DSL/Ethernet CPE devices
Zyxel Fiber ONT devices
Zyxel WiFi Extenders
Zyxel security routers

Versions: Firmware version 5.50(ABOM.8)C0 and potentially earlier versions

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Devices with web management interface exposed are vulnerable. The vulnerability is in the libclinkc library used across multiple Zyxel product lines.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, potential remote code execution if buffer overflow can be controlled precisely

🟠

Likely Case

Denial of service causing device reboot and temporary network disruption

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting specific HTTP requests to trigger the buffer overflow. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions per device model

Vendor Advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024

Restart Required: Yes

Instructions:

1. Visit Zyxel support portal. 2. Identify your device model. 3. Download latest firmware from vendor advisory. 4. Upload firmware via web interface. 5. Apply update and reboot device.

🔧 Temporary Workarounds

Restrict HTTP Access

linux

Block external HTTP access to device management interface using firewall rules

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable Remote Management

all

Turn off remote management in device settings if not required

🧯 If You Can't Patch

Segment affected devices on isolated network VLAN
Implement strict firewall rules to limit HTTP traffic to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at System > Status or using CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory after update

📡 Detection & Monitoring

Log Indicators:

Multiple HTTP requests with abnormal length or patterns
Device reboot logs without user action
Web interface access logs showing crafted requests

Network Indicators:

HTTP traffic to device management ports with unusual payload sizes
Increased HTTP error responses from device

SIEM Query:

source="device_logs" AND (http_request_length>10000 OR http_status=500) AND dest_port IN (80, 443)

📊 Metadata

CVE ID: CVE-2024-5412

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

Published: September 3, 2024

Last Updated: February 24, 2026

🔗 References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ax7501 B0 Firmware by Zyxel

Ax7501 B1 Firmware by Zyxel

Dx3300 T0 Firmware by Zyxel

Dx3300 T1 Firmware by Zyxel

Dx3301 T0 Firmware by Zyxel

Dx4510 B0 Firmware by Zyxel

Dx5401 B0 Firmware by Zyxel

Dx5401 B1 Firmware by Zyxel

Emg3525 T50b Firmware by Zyxel

Emg5523 T50b Firmware by Zyxel

Emg5723 T50k Firmware by Zyxel

Ex3300 T0 Firmware by Zyxel

Ex3300 T1 Firmware by Zyxel

Ex3301 T0 Firmware by Zyxel

Ex3500 T0 Firmware by Zyxel

Ex3501 T0 Firmware by Zyxel

Ex3510 B0 Firmware by Zyxel

Ex5401 B0 Firmware by Zyxel

Ex5401 B1 Firmware by Zyxel

Ex5510 B0 Firmware by Zyxel

Ex5512 T0 Firmware by Zyxel

Ex5601 T0 Firmware by Zyxel

Ex5601 T1 Firmware by Zyxel

Ex7501 B0 Firmware by Zyxel

Ex7710 B0 Firmware by Zyxel

Nebula Fwa505 Firmware by Zyxel

Nebula Fwa510 Firmware by Zyxel

Nebula Fwa710 Firmware by Zyxel

Nebula Lte3301 Plus Firmware by Zyxel

Nr5103 Firmware by Zyxel

Nr5103ev2 Firmware by Zyxel

Nr5307 Firmware by Zyxel

Nr7103 Firmware by Zyxel

Nr7302 Firmware by Zyxel

Nr7303 Firmware by Zyxel

Nr7501 Firmware by Zyxel

Pm3100 T0 Firmware by Zyxel

Pm5100 T0 Firmware by Zyxel

Pm7300 T0 Firmware by Zyxel

Px3321 T1 Firmware by Zyxel

Scr50axe Firmware by Zyxel

Vmg3625 T50b Firmware by Zyxel

Vmg3927 T50k Firmware by Zyxel

Vmg4005 B50a Firmware by Zyxel

Vmg4005 B60a Firmware by Zyxel

Vmg8623 T50b Firmware by Zyxel

Vmg8825 T50k Firmware by Zyxel

Wx3100 T0 Firmware by Zyxel

Wx3401 B0 Firmware by Zyxel

Wx5600 T0 Firmware by Zyxel