Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-40890
Analyzed
More InfoOfficial Page
Source-security@zyxel.com.tw
View Known Exploited Vulnerability (KEV) details
Published At-04 Feb, 2025 | 10:15
Updated At-27 Oct, 2025 | 17:04

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-02-112025-03-04Zyxel DSL CPE OS Command Injection VulnerabilityThe impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
Date Added: 2025-02-11
Due Date: 2025-03-04
Vulnerability Name: Zyxel DSL CPE OS Command Injection Vulnerability
Required Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Zyxel Networks Corporation
zyxel
>>vmg1312-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg1312-b10a>>-
cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg1312-b10b_firmware>>-
cpe:2.3:o:zyxel:vmg1312-b10b_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg1312-b10b>>-
cpe:2.3:h:zyxel:vmg1312-b10b:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg1312-b10e_firmware>>-
cpe:2.3:o:zyxel:vmg1312-b10e_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg1312-b10e>>-
cpe:2.3:h:zyxel:vmg1312-b10e:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg3312-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg3312-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg3312-b10a>>-
cpe:2.3:h:zyxel:vmg3312-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg3313-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg3313-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg3313-b10a>>-
cpe:2.3:h:zyxel:vmg3313-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg3926-b10b_firmware>>-
cpe:2.3:o:zyxel:vmg3926-b10b_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg3926-b10b>>-
cpe:2.3:h:zyxel:vmg3926-b10b:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg4325-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg4325-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg4325-b10a>>-
cpe:2.3:h:zyxel:vmg4325-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg4380-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg4380-b10a>>-
cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg8324-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg8324-b10a>>-
cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg8924-b10a_firmware>>-
cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>vmg8924-b10a>>-
cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3300-n000_firmware>>-
cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3300-n000>>-
cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3300-nb00_firmware>>-
cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3300-nb00>>-
cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3500-n000_firmware>>-
cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3500-n000_firmware>>-
cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3500-nb00_firmware>>-
cpe:2.3:o:zyxel:sbg3500-nb00_firmware:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>sbg3500-nb00>>-
cpe:2.3:h:zyxel:sbg3500-nb00:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Secondarysecurity@zyxel.com.tw
CWE ID: CWE-78
Type: Secondary
Source: security@zyxel.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025security@zyxel.com.tw
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40890134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025
Source: security@zyxel.com.tw
Resource:
Vendor Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40890
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found