7.2
CVE-2024-12010
- EPSS 0.32%
- Published 11.03.2025 02:15:10
- Last modified 13.01.2026 16:19:21
- Source security@zyxel.com.tw
A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the National Vulnerability Database (NVD)
Zyxel ≫ Wx5610-b0 Firmware Version <= 5.18(acgj.0.1)c0
Zyxel ≫ Dx3300-t0 Firmware Version <= 5.50(abvy.5.4)c0
Zyxel ≫ Dx3300-t1 Firmware Version <= 5.50(abvy.5.4)c0
Zyxel ≫ Dx3301-t0 Firmware Version <= 5.50(abvy.5.4)c0
Zyxel ≫ Dx4510-b0 Firmware Version <= 5.17(abyl.8)c0
Zyxel ≫ Dx4510-b1 Firmware Version <= 5.17(abyl.8)c0
Zyxel ≫ Dx5401-b0 Firmware Version <= 5.17(abyo.6.4)c0
Zyxel ≫ Dx5401-b1 Firmware Version <= 5.17(abyo.6.4)c0
Zyxel ≫ Ee6510-10 Firmware Version <= 5.19(acjq.1)c1
Zyxel ≫ Ex3300-t0 Firmware Version <= 5.50(abvy.5.4)c0
Zyxel ≫ Ex3300-t1 Firmware Version <= 5.50(abvy.5.4)c0
Zyxel ≫ Ex3301-t0 Firmware Version <= 5.50(abvy.5.4)c0
Zyxel ≫ Ex3500-t0 Firmware Version <= 5.44(achr.3)c0
Zyxel ≫ Ex3501-t0 Firmware Version <= 5.44(achr.3)c0
Zyxel ≫ Ex3510-b0 Firmware Version <= 5.17(abup.13)c0
Zyxel ≫ Ex3510-b1 Firmware Version <= 5.17(abup.13)c0
Zyxel ≫ Ex3600-t0 Firmware Version <= 5.70(acif.0.5)c0
Zyxel ≫ Ex5401-b0 Firmware Version <= 5.17(abyo.6.4)c0
Zyxel ≫ Ex5401-b1 Firmware Version <= 5.17(abyo.6.4)c0
Zyxel ≫ Ex5501-b0 Firmware Version <= 5.17(abry.5.3)c0
Zyxel ≫ Ex5510-b0 Firmware Version <= 5.17(abqx.10)c0
Zyxel ≫ Ex5512-t0 Firmware Version <= 5.70(aceg4.2)c0
Zyxel ≫ Ex5601-t0 Firmware Version <= 5.70(acdz.3.6)c0
Zyxel ≫ Ex5601-t1 Firmware Version <= 5.70(acdz.3.6)c0
Zyxel ≫ Ex7501-b0 Firmware Version <= 5.18(achn.1.3)c0
Zyxel ≫ Ex7710-b0 Firmware Version <= 5.18(acak.1.1)c1
Zyxel ≫ Emg3525-t50b Firmware Version <= 5.50(abpm.9.3)c0
Zyxel ≫ Emg5523-t50b Firmware Version <= 5.50(abpm.9.3)c0
Zyxel ≫ Emg5723-t50k Firmware Version <= 5.50(abom.8.5)c0
Zyxel ≫ Vmg3625-t50b Firmware Version <= 5.50(abpm.9.3)c0
Zyxel ≫ Vmg3927-t50k Firmware Version <= 5.50(abom.8.5)c0
Zyxel ≫ Vmg8623-t50b Firmware Version <= 5.50(abpm.9.3)c0
Zyxel ≫ Vmg8825-t50k Firmware Version <= 5.50(abom.8.5)c0
Zyxel ≫ Ax7501-b0 Firmware Version <= 5.17(abpc.5.3)c0
Zyxel ≫ Ax7501-b1 Firmware Version <= 5.17(abpc.5.3)c0
Zyxel ≫ Px3321-t1 Firmware Version <= 5.44(acjb.1.1)c0
Zyxel ≫ Px3321-t1 Firmware Version <= 5.44(achk.0.3)c0
Zyxel ≫ Px5301-t0 Firmware Version <= 5.44(ackb.0.1)c0
Zyxel ≫ Wx3100-t0 Firmware Version <= 5.50(abvl.4.5)c0
Zyxel ≫ Wx3401-b0 Firmware Version <= 5.17(abve.2.6)c0
Zyxel ≫ Wx3401-b1 Firmware Version <= 5.17(abve.2.6)c0
Zyxel ≫ Wx5600-t0 Firmware Version <= 5.70(aceb.3.3)c0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.544 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.