VYPR
Unrated severityCISA KEVNVD Advisory· Published Feb 4, 2025· Updated Oct 21, 2025

CVE-2024-40890

CVE-2024-40890

Description

UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zyxel/VMG4325-B10Allm-create2 versions
    = 1.00(AAFR.4)C0_20170615+ 1 more
    • (no CPE)range: = 1.00(AAFR.4)C0_20170615
    • (no CPE)range: <= 1.00(AAFR.4)C0_20170615

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.