CVE-2024-11253
published 2025-03-11CVE-2024-11253: A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | dm4200-b0_firmware | <= 5.17\(acbs.1\)c0 | — |
| zyxel | emg5723-t50k_firmware | <= 5.50\(abom.8.5\)c0 | — |
| zyxel | vmg3927-t50k_firmware | <= 5.50\(abom.8.5\)c0 | — |
| zyxel | vmg4005-b50a_firmware | <= 5.15\(abqa.2.3\)c0 | — |
| zyxel | vmg4005-b60a_firmware | <= 5.15\(abqa.2.3\)c0 | — |
| zyxel | vmg8825-t50k_firmware | <= 5.50\(abom.8.5\)c0 | — |