Unauthenticated Attacker Could Read device Information via HTTP HEAD Method
CVE-2024-11494

7.5HIGH

Key Information:

Vendor: Zyxel
Status: P-6101c Firmware
Vendor: CVE Published:; 20 November 2024

What is CVE-2024-11494?

An improper authentication vulnerability exists in Zyxel's P-6101C ADSL modem, specifically in firmware version P-6101CSA6AP_20140331. This flaw enables an unauthenticated attacker to potentially access sensitive device information through crafted HTTP HEAD requests. Exploitation of this vulnerability could lead to unauthorized information disclosure, raising significant concerns for users relying on this product for network connectivity.

Affected Version(s)

P-6101C firmware P-6101CSA6AP_20140331

References

https://gist.github.com/stevenyu113228/78e0169d2ff110e9a6...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Nov 20, 2024