Post-Authentication Command Injection in Zyxel Firmware
CVE-2024-12009

7.2HIGH

Key Information:

Vendor: Zyxel
Status: Ex5601-t1 Firmware
Vendor: CVE Published:; 11 March 2025

Summary

An authenticated attacker with administrator privileges could exploit a vulnerability in the 'ZyEE' function of the Zyxel EX5601-T1 firmware. This weakness allows the execution of unauthorized operating system commands on affected devices, potentially compromising device integrity and user data.

Affected Version(s)

EX5601-T1 firmware <= V5.70(ACDZ.3.6)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Dec 2, 2024