CVE-2024-40891

HIGH CISA KEV EPSS 97.0%

Published Feb 4, 20251y ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Find Similar

Published Feb 4, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Feb 11, 2025 1y ago

KEV Due Mar 4, 2025 483d overdue

Description

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

CISA Known Exploited Overdue 483d

Added: Feb 11, 2025
Due: Mar 4, 2025

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

EPSS Exploit Probability

97.0% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 28

Vendor	Product	Version	Range
zyxel	vmg1312-b10a_firmware	*	any
zyxel	vmg1312-b10a	*	any
zyxel	vmg1312-b10b_firmware	*	any
zyxel	vmg1312-b10b	*	any
zyxel	vmg1312-b10e_firmware	*	any
zyxel	vmg1312-b10e	*	any
zyxel	vmg3312-b10a_firmware	*	any
zyxel	vmg3312-b10a	*	any
zyxel	vmg3313-b10a_firmware	*	any
zyxel	vmg3313-b10a	*	any
zyxel	vmg3926-b10b_firmware	*	any
zyxel	vmg3926-b10b	*	any
zyxel	vmg4325-b10a_firmware	*	any
zyxel	vmg4325-b10a	*	any
zyxel	vmg4380-b10a_firmware	*	any
zyxel	vmg4380-b10a	*	any
zyxel	vmg8324-b10a_firmware	*	any
zyxel	vmg8324-b10a	*	any
zyxel	vmg8924-b10a_firmware	*	any
zyxel	vmg8924-b10a	*	any
zyxel	sbg3300-n000_firmware	*	any
zyxel	sbg3300-n000	*	any
zyxel	sbg3300-nb00_firmware	*	any
zyxel	sbg3300-nb00	*	any
zyxel	sbg3500-n000_firmware	*	any
zyxel	sbg3500-n000_firmware	*	any
zyxel	sbg3500-nb00_firmware	*	any
zyxel	sbg3500-nb00	*	any

References 2

cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40891

US Government Resource
zyxel.com https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.