Zyxel VMG4325-B10A 操作系统命令注入漏洞

🗓️ 04 Feb 2025 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 2 Views

Zyxel VMG4325-B10A has a command injection flaw allowing an attacker to execute operating system commands in version 1.00(AAFR.4)C0_20170615.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2024-40891	4 Feb 202500:00	–	attackerkb
BDU FSTEC	The vulnerability of Zyxel network device software of the CPE series exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.	30 Jan 202500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Zyxel network device software of the CPE series exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.	11 Feb 202500:00	–	bdu_fstec
Circl	CVE-2024-40891	28 Jan 202521:13	–	circl
CISA KEV Catalog	Zyxel DSL CPE OS Command Injection Vulnerability	11 Feb 202500:00	–	cisa_kev
CISA	CISA Adds Four Known Exploited Vulnerabilities to Catalog	11 Feb 202512:00	–	cisa
CVE	CVE-2024-40891	4 Feb 202510:02	–	cve
Cvelist	CVE-2024-40891	4 Feb 202510:02	–	cvelist
NVD	CVE-2024-40891	4 Feb 202510:15	–	nvd
Positive Technologies	PT-2025-1302	27 Jan 202500:00	–	ptsecurity

Source	Link
zyxel	www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

01 Jan 2026 00:00Current

9.6High risk

Vulners AI Score9.6

CVSS 3.18.8

EPSS0.53243

Zyxel VMG4325-B10A command injection operating system commands version 1.00(AAFR.4)C0_20170615