Shell Injection Vulnerability in Zyxel VMG5313-B30B Router
CVE-2020-24354

8.8HIGH

Key Information:

Vendor: Zyxel
Status: Vmg5313-b30b Firmware
Vendor: CVE Published:; 31 August 2020

What is CVE-2020-24354?

The Zyxel VMG5313-B30B router is susceptible to a shell injection vulnerability found in firmware version 5.13(ABCJ.6)b3_1127 and possibly in earlier firmware versions. This weakness may allow an attacker to execute arbitrary commands on the router, potentially compromising the device's security and integrity. Users are advised to check their firmware versions and apply any relevant updates from the vendor to mitigate this vulnerability.

References

https://www.zyxel.com/support/security_advisories.shtml

x_refsource_MISC

https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2020
Vulnerability Reserved
Aug 13, 2020