Post-Authentication Command Injection Vulnerability Affects Zyxel GS1900-48 Switch
CVE-2024-8881

6.8MEDIUM

Key Information:

Vendor: Zyxel
Status: Gs1900-48 Firmware
Vendor: CVE Published:; 12 November 2024

Summary

A security vulnerability exists in the CGI program of the Zyxel GS1900-48 switch firmware that allows an authenticated attacker with admin privileges to execute operating system commands. This occurs through the manipulation of crafted HTTP requests sent to the affected device. The implications of such unauthorized command execution can lead to significant exploitation potential, highlighting the importance of immediate remediation for devices running vulnerable firmware versions.

Affected Version(s)

GS1900-48 firmware <= V2.80(AAHN.1)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Sep 16, 2024