A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zyxel gs1900-10hp
Zyxel gs1900-10hp Firmware Zyxel gs1900-16 Zyxel gs1900-16 Firmware Zyxel gs1900-24 Zyxel gs1900-24 Firmware Zyxel gs1900-24e Zyxel gs1900-24e Firmware Zyxel gs1900-24ep Zyxel gs1900-24ep Firmware Zyxel gs1900-24hpv2 Zyxel gs1900-24hpv2 Firmware Zyxel gs1900-48 Zyxel gs1900-48hpv2 Zyxel gs1900-48hpv2 Firmware Zyxel gs1900-8 Zyxel gs1900-8 Firmware Zyxel gs1900-8hp Zyxel gs1900-8hp Firmware |
|
CPEs | cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Zyxel gs1900-10hp
Zyxel gs1900-10hp Firmware Zyxel gs1900-16 Zyxel gs1900-16 Firmware Zyxel gs1900-24 Zyxel gs1900-24 Firmware Zyxel gs1900-24e Zyxel gs1900-24e Firmware Zyxel gs1900-24ep Zyxel gs1900-24ep Firmware Zyxel gs1900-24hpv2 Zyxel gs1900-24hpv2 Firmware Zyxel gs1900-48 Zyxel gs1900-48hpv2 Zyxel gs1900-48hpv2 Firmware Zyxel gs1900-8 Zyxel gs1900-8 Firmware Zyxel gs1900-8hp Zyxel gs1900-8hp Firmware |
Tue, 12 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zyxel
Zyxel gs1900-48 Firmware |
|
CPEs | cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Zyxel
Zyxel gs1900-48 Firmware |
|
Metrics |
ssvc
|
Tue, 12 Nov 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Zyxel
Published: 2024-11-12T01:17:36.728Z
Updated: 2024-11-12T16:16:27.550Z
Reserved: 2024-09-16T02:29:47.178Z
Link: CVE-2024-8881
Vulnrichment
Updated: 2024-11-12T16:12:02.585Z
NVD
Status : Analyzed
Published: 2024-11-12T02:15:18.817
Modified: 2024-11-14T13:51:11.257
Link: CVE-2024-8881
Redhat
No data.