Vmg1312 B10A Firmware
CVE-2024-40891
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
AnalysisAI
Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device.
Technical ContextAI
The CWE-78 command injection via Telnet provides an alternative exploitation path alongside the CGI-based CVE-2024-40890.
RemediationAI
Replace the device. Disable Telnet access if possible.
More in Vmg1312 B10A Firmware
View all**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A,
Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authent
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today