CVE-2024-40890: UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

KEV

CISA Known Exploited Vulnerabilitydue 2025-03-04

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

Affected

1 ranges

Vendor	Product	Version range	Fixed in
zyxel	vmg4325-b10a_firmware	<= 1.00(AAFR.4)C0_20170615	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

vulncheck8.8HIGH

cisa8.8HIGH

CVE-2024-40890: **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware…

Affected

CVSS provenance

CVE-2024-40890: UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware…