CVE-2024-9200
published 2024-12-03CVE-2024-9200: A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | emg6726-b10a_firmware | < 5.13\(abnp.8\)c1 | 5.13\(abnp.8\)c1 |
| zyxel | vmg3927-b50b_firmware | < 5.13\(ably.9\)c1 | 5.13\(ably.9\)c1 |
| zyxel | vmg4005-b50a_firmware | < 5.15\(abqa.2.3\)c0 | 5.15\(abqa.2.3\)c0 |
| zyxel | vmg4005-b50a_firmware | <= V5.15(ABQA.2.2)C0 | — |
| zyxel | vmg4005-b50b_firmware | < 5.13\(abrl.5.2\)c0 | 5.13\(abrl.5.2\)c0 |
| zyxel | vmg4005-b60a_firmware | < 5.15\(abqa.2.3\)c0 | 5.15\(abqa.2.3\)c0 |
| zyxel | vmg4927-b50a_firmware | < 5.13\(ably.9\)c1 | 5.13\(ably.9\)c1 |