CVE-2024-11253 HIGH

CVE-2024-11253

Vendor Zyxel
Product VMG8825-T50K firmware
Weakness CWE-78
Published March 11, 2025
Last update February 26, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
February 26, 2026 Record updated