CVE-2024-12010: A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier…

high7.2CVSS 3.1

AVNACLPRHUINSUCHIHAH

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

Affected

42 ranges· showing 25

Vendor	Product	Version range	Fixed in
zyxel	ax7501-b0_firmware	<= 5.17\(abpc.5.3\)c0	—
zyxel	ax7501-b1_firmware	<= 5.17\(abpc.5.3\)c0	—
zyxel	dx3300-t0_firmware	<= 5.50\(abvy.5.4\)c0	—
zyxel	dx3300-t1_firmware	<= 5.50\(abvy.5.4\)c0	—
zyxel	dx3301-t0_firmware	<= 5.50\(abvy.5.4\)c0	—
zyxel	dx4510-b0_firmware	<= 5.17\(abyl.8\)c0	—
zyxel	dx4510-b1_firmware	<= 5.17\(abyl.8\)c0	—
zyxel	dx5401-b0_firmware	<= 5.17\(abyo.6.4\)c0	—
zyxel	dx5401-b1_firmware	<= 5.17\(abyo.6.4\)c0	—
zyxel	ee6510-10_firmware	<= 5.19\(acjq.1\)c1	—
zyxel	emg3525-t50b_firmware	<= 5.50\(abpm.9.3\)c0	—
zyxel	emg5523-t50b_firmware	<= 5.50\(abpm.9.3\)c0	—
zyxel	emg5723-t50k_firmware	<= 5.50\(abom.8.5\)c0	—
zyxel	ex3300-t0_firmware	<= 5.50\(abvy.5.4\)c0	—
zyxel	ex3300-t1_firmware	<= 5.50\(abvy.5.4\)c0	—
zyxel	ex3301-t0_firmware	<= 5.50\(abvy.5.4\)c0	—
zyxel	ex3500-t0_firmware	<= 5.44\(achr.3\)c0	—
zyxel	ex3501-t0_firmware	<= 5.44\(achr.3\)c0	—
zyxel	ex3510-b0_firmware	<= 5.17\(abup.13\)c0	—
zyxel	ex3510-b1_firmware	<= 5.17\(abup.13\)c0	—
zyxel	ex3600-t0_firmware	<= 5.70\(acif.0.5\)c0	—
zyxel	ex5401-b0_firmware	<= 5.17\(abyo.6.4\)c0	—
zyxel	ex5401-b1_firmware	<= 5.17\(abyo.6.4\)c0	—
zyxel	ex5501-b0_firmware	<= 5.17\(abry.5.3\)c0	—
zyxel	ex5510-b0_firmware	<= 5.17\(abqx.10\)c0	—