CVE-2024-9200 HIGH

CVE-2024-9200

Vendor Zyxel
Product VMG4005-B50A firmware
Weakness CWE-78
Published December 3, 2024
Last update December 6, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

Key dates

02Disclosure timeline

December 3, 2024 CVE published
December 6, 2024 Record updated