CVE-2024-40890

Zyxel DSL CPE OS Command Injection Vulnerability

Beschreibung

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.

Schweregrad: HIGH

CVSS-Score: 8.8

Hersteller: Zyxel

Produkt: DSL CPE Devices