Unrated severityCISA KEVNVD Advisory· Published Feb 4, 2025· Updated Oct 21, 2025

CVE-2024-40890

Description

UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

Affected products

Zyxel/VMG4325-B10A firmwarev5
Range: <= 1.00(AAFR.4)C0_20170615

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.037
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000