CVE-2024-40890
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Feb 4, 2025
Updated: Feb 12, 2025
CWE ID 78
Summary
CVE-2024-40890 is a post-authentication command injection vulnerability in the CGI program of the Zyxel VMG4325-B10A legacy firmware version 1.00(AAFR.4)C0_20170615. An authenticated attacker can exploit it by sending a maliciously crafted HTTP POST request, which lets them execute operating system commands on the affected device. The issue poses a significant risk because it allows unauthorized command execution, potentially leading to data theft or system compromise. The vulnerability is not present in more recent firmware versions.