Unknown
CVE-2024-40890
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2024-40890
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
UNSUPPORTED WHEN ASSIGNED
A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- sbg3300-n000 firmware -,
- sbg3300-nb00 firmware -,
- sbg3500-n000 firmware -,
- sbg3500-nb00 firmware -,
- vmg1312-b10a firmware -,
- vmg1312-b10b firmware -,
- vmg1312-b10e firmware -,
- vmg3312-b10a firmware -,
- vmg3313-b10a firmware -,
- vmg3926-b10b firmware -,
- vmg4325-b10a firmware -,
- vmg4380-b10a firmware -,
- vmg8324-b10a firmware -,
- vmg8924-b10a firmware -
Exploited in the Wild
Would you like to delete this Exploited in the Wild Report?
Yes, delete this reportReferences
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
