CVE-2024-8881

MEDIUM

6.8

Description

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.

Details CVE

Score CVSS v3.16.8

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueADJACENT_NETWORK

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie11/12/2024

Derniere modification11/14/2024

Sourcenvd

Observations honeypot0

Produits affectes

zyxel:gs1900-10hpzyxel:gs1900-10hp_firmwarezyxel:gs1900-16zyxel:gs1900-16_firmwarezyxel:gs1900-24zyxel:gs1900-24_firmwarezyxel:gs1900-24ezyxel:gs1900-24e_firmwarezyxel:gs1900-24epzyxel:gs1900-24ep_firmwarezyxel:gs1900-24hpv2zyxel:gs1900-24hpv2_firmwarezyxel:gs1900-48zyxel:gs1900-48_firmwarezyxel:gs1900-48hpv2zyxel:gs1900-48hpv2_firmwarezyxel:gs1900-8zyxel:gs1900-8_firmwarezyxel:gs1900-8hpzyxel:gs1900-8hp_firmware

Faiblesses (CWE)

CWE-78CWE-78

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024(security@zyxel.com.tw)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.