CVE-2024-40890
Essential information
- Published: 04/02/2025 10:15
- Modified: 12/02/2025 18:12
- Author: —
- Creator: —
- CVSS: 8.8 HIGH (v3.1)
- CISA KEV: No
- CWE: —
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS metrics
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- User interaction: NONE
- Scope: UNCHANGED
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
- Exploit code maturity: —
- Remediation level: —
- Report confidence: —
- Temporal score: —
Description
**UNSUPPORTED WHEN ASSIGNED**
A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
NVD status
- Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source: [email protected]
Affected products (CPE)
| Product | CPE |
|---|---|
| zyxel / vmg1312-b10a firmware | cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg1312-b10a | cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:* |
| zyxel / vmg1312-b10b firmware | cpe:2.3:o:zyxel:vmg1312-b10b_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg1312-b10b | cpe:2.3:h:zyxel:vmg1312-b10b:-:*:*:*:*:*:*:* |
| zyxel / vmg1312-b10e firmware | cpe:2.3:o:zyxel:vmg1312-b10e_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg1312-b10e | cpe:2.3:h:zyxel:vmg1312-b10e:-:*:*:*:*:*:*:* |
| zyxel / vmg3312-b10a firmware | cpe:2.3:o:zyxel:vmg3312-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg3312-b10a | cpe:2.3:h:zyxel:vmg3312-b10a:-:*:*:*:*:*:*:* |
| zyxel / vmg3313-b10a firmware | cpe:2.3:o:zyxel:vmg3313-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg3313-b10a | cpe:2.3:h:zyxel:vmg3313-b10a:-:*:*:*:*:*:*:* |
| zyxel / vmg3926-b10b firmware | cpe:2.3:o:zyxel:vmg3926-b10b_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg3926-b10b | cpe:2.3:h:zyxel:vmg3926-b10b:-:*:*:*:*:*:*:* |
| zyxel / vmg4325-b10a firmware | cpe:2.3:o:zyxel:vmg4325-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg4325-b10a | cpe:2.3:h:zyxel:vmg4325-b10a:-:*:*:*:*:*:*:* |
| zyxel / vmg4380-b10a firmware | cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg4380-b10a | cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:* |
| zyxel / vmg8324-b10a firmware | cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg8324-b10a | cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:* |
| zyxel / vmg8924-b10a firmware | cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:* |
| zyxel / vmg8924-b10a | cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:* |
| zyxel / sbg3300-n000 firmware | cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:* |
| zyxel / sbg3300-n000 | cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:* |
| zyxel / sbg3300-nb00 firmware | cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:* |
| zyxel / sbg3300-nb00 | cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:* |
| zyxel / sbg3500-n000 firmware | cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:* |
| zyxel / sbg3500-nb00 firmware | cpe:2.3:o:zyxel:sbg3500-nb00_firmware:-:*:*:*:*:*:*:* |
| zyxel / sbg3500-nb00 | cpe:2.3:h:zyxel:sbg3500-nb00:-:*:*:*:*:*:*:* |