CVE-2024-9197

4.9 MEDIUM

📋 TL;DR

This is a post-authentication buffer overflow vulnerability in Zyxel VMG3625-T50B devices that allows authenticated administrators to cause temporary denial of service against the web management interface. Attackers need admin credentials and the ZyEE function must be enabled to exploit this vulnerability.

💻 Affected Systems

Products:
  • Zyxel VMG3625-T50B
Versions: All firmware versions through V5.50(ABPM.9.2)C0
Operating Systems: Embedded firmware
Default Config Vulnerable: ✅ No
Notes: Vulnerability only exploitable if ZyEE function is enabled on the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Temporary DoS against the web management interface, potentially disrupting administrative access and requiring a physical reset.

🟠 Likely Case

Temporary service interruption of the web management interface until the device reboots or the malicious requests stop.

🟢 If Mitigated

No impact if proper authentication controls and network segmentation are in place.

🌐 Internet-Facing: MEDIUM - Web management interfaces exposed to internet could be targeted by attackers with stolen credentials.
🏢 Internal Only: LOW - Requires authenticated admin access, making insider threat or credential compromise necessary.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated admin access and the ZyEE function to be enabled. The buffer overflow is in CGI parameter handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware newer than V5.50(ABPM.9.2)C0

Vendor Advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024

Restart Required: Yes

Instructions:

  1. Download the latest firmware from the Zyxel support portal.
  2. Log into the device web interface.
  3. Navigate to Maintenance > Firmware Upgrade.
  4. Upload and apply the new firmware.
  5. The device will reboot automatically.

🔧 Temporary Workarounds

Disable ZyEE Function (applies to: all)

Disable the ZyEE function if it is not required for device operation.

Restrict Web Interface Access (applies to: all)

Limit access to the web management interface to trusted IP addresses only.

🧯 If You Can't Patch

  • Disable ZyEE function in device configuration
  • Implement strict network segmentation to isolate device management interface

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface under Maintenance > System Info. If the version is V5.50(ABPM.9.2)C0 or earlier, the device is vulnerable.

Check Version:

Check via web interface or SSH: show version

Verify Fix Applied:

Verify firmware version is newer than V5.50(ABPM.9.2)C0 after patching.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by HTTP GET requests with long 'action' parameters
  • Web interface crash/restart logs

Network Indicators:

  • HTTP GET requests with unusually long 'action' parameter values to CGI endpoints

SIEM Query:

source="device_logs" AND (http_method="GET" AND url="*cgi*" AND param_action_length>100)
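As an added illustration of the log and network indicators above (example code written for this page, not from the advisory or from Zyxel), the following Python script scans access-log lines for GET requests to CGI paths whose 'action' query parameter exceeds the 100-character threshold used in the SIEM query. The combined-log line format, IP addresses and CGI paths in the sample are assumptions constructed for the example.

```python
"""Flag GET requests to CGI endpoints with an unusually long 'action' parameter
(mirrors the page's SIEM query: url contains "cgi", action length > 100)."""
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log-style line: client IP, user, timestamp, request line, status.
# The log format is an assumption; adjust the pattern to your syslog/HTTP format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_long_action(lines, threshold=100):
    """Return (ip, user, path, action_length) for each GET request to a CGI
    path whose decoded 'action' parameter is longer than `threshold`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if "cgi" not in url.path.lower():
            continue
        # parse_qs percent-decodes values; if 'action' is repeated, measure
        # the longest occurrence so splitting the payload does not evade the check.
        values = parse_qs(url.query, keep_blank_values=True).get("action", [])
        longest = max((len(v) for v in values), default=0)
        if longest > threshold:
            hits.append((m["ip"], m["user"], url.path, longest))
    return hits


# Constructed sample lines (hypothetical hosts and paths, not real captures).
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Mar/2024:10:01:02 +0000] "GET /cgi-bin/status.cgi?action=refresh HTTP/1.1" 200 512',
    '192.0.2.10 - admin [12/Mar/2024:10:01:05 +0000] "GET /cgi-bin/status.cgi?action=' + "A" * 300 + ' HTTP/1.1" 500 0',
    '192.0.2.11 - - [12/Mar/2024:10:02:00 +0000] "POST /login.cgi HTTP/1.1" 401 0',
    '192.0.2.12 - admin [12/Mar/2024:10:03:00 +0000] "GET /images/logo.png?action=' + "B" * 200 + ' HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in flag_long_action(SAMPLE_LOG):
        print("suspicious long 'action' parameter:", hit)
```

Only the second sample line is reported: it is a GET to a CGI path with a 300-character 'action' value, while the non-CGI image request with a long parameter is ignored.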
