7.2
CVE-2024-11253
- EPSS 0.34%
- Veröffentlicht 11.03.2025 02:15:10
- Zuletzt bearbeitet 13.01.2026 16:11:20
- Quelle security@zyxel.com.tw
- CVE-Watchlists
- Unerledigt
A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Emg5723-t50k Firmware Version <= 5.50\(abom.8.5\)c0
Zyxel ≫ Dm4200-b0 Firmware Version <= 5.17\(acbs.1\)c0
Zyxel ≫ Vmg3927-t50k Firmware Version <= 5.50\(abom.8.5\)c0
Zyxel ≫ Vmg4005-b50a Firmware Version <= 5.15\(abqa.2.3\)c0
Zyxel ≫ Vmg4005-b60a Firmware Version <= 5.15\(abqa.2.3\)c0
Zyxel ≫ Vmg8825-t50k Firmware Version <= 5.50\(abom.8.5\)c0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.567 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.