Post-Authentication Command Injection Vulnerability
CVE-2024-9200

7.2HIGH

Key Information:

Vendor: Zyxel
Status: Vmg4005-b50a Firmware
Vendor: CVE Published:; 3 December 2024

What is CVE-2024-9200?

A vulnerability exists in the Zyxel VMG4005-B50A where an authenticated attacker with administrator privileges can exploit the 'host' parameter of the diagnostic function. This post-authentication command injection flaw permits the execution of operating system commands on the device. As a result, this can lead to unauthorized actions that compromise the integrity and security of the affected device, posing significant risks to network security.

Affected Version(s)

VMG4005-B50A firmware <= V5.15(ABQA.2.2)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2024
Vulnerability Reserved
Sep 26, 2024