Post-Authentication Command Injection in Zyxel DSL Routers
CVE-2024-11253

7.2HIGH

Key Information:

Vendor: Zyxel
Status: Vmg8825-t50k Firmware
Vendor: CVE Published:; 11 March 2025

Summary

A vulnerability exists in the Zyxel VMG8825-T50K firmware that allows authenticated attackers with administrator privileges to execute arbitrary operating system commands via the 'DNSServer' parameter during diagnostic processes. This security flaw could lead to unauthorized control over the device, posing significant risks to network integrity and data security.

Affected Version(s)

VMG8825-T50K firmware <= V5.50(ABOM.8.5)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Nov 15, 2024