Vulnerability Details CVE-2024-8881
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.4%
CVSS Severity
CVSS v3 Score 6.8
Products affected by CVE-2024-8881
-
cpe:2.3:h:zyxel:gs1900-10hp:-
-
cpe:2.3:h:zyxel:gs1900-16:-
-
cpe:2.3:h:zyxel:gs1900-24:-
-
cpe:2.3:h:zyxel:gs1900-24e:-
-
cpe:2.3:h:zyxel:gs1900-24ep:-
-
cpe:2.3:h:zyxel:gs1900-24hpv2:-
-
cpe:2.3:h:zyxel:gs1900-48:-
-
cpe:2.3:h:zyxel:gs1900-48hpv2:-
-
cpe:2.3:h:zyxel:gs1900-8:-
-
cpe:2.3:h:zyxel:gs1900-8hp:-
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:-
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.50(aazi.0)c0
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.3)
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.3)c0
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.5)
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.80(aazi.0)
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.80(aazi.0)c0
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.80(aazi.1)c0
-
cpe:2.3:o:zyxel:gs1900-16_firmware:-
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.50(aahj.0)c0
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.3)
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.3)c0
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.5)
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.80(aahj.0)
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.80(aahj.0)c0
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.80(aahj.1)c0
-
cpe:2.3:o:zyxel:gs1900-24_firmware:-
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.50(aahl.0)c0
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.3)
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.3)c0
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.5)
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.80(aahl.0)
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.80(aahl.0)c0
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.80(aahl.1)c0
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:-
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.50(aahk.0)c0
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.3)
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.3)c0
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.5)
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.80(aahk.0)
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.80(aahk.0)c0
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.80(aahk.1)c0
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.3)
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.3)c0
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.5)
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.80(abto.0)
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.80(abto.0)c0
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.80(abto.1)c0
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(aatp.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.3)
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.3)c0
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.5)
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.80(abtp.0)
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.80(abtp.0)c0
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.80(abtp.1)c0
-
cpe:2.3:o:zyxel:gs1900-48_firmware:-
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.50(aahn.0)c0
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.3)
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.3)c0
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.5)
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.80(aahn.0)
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.80(aahn.0)c0
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.80(aahn.1)c0
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.3)
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.3)c0
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.5)
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.80(abtq.0)
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.80(abtq.0)c0
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.80(abtq.1)c0
-
cpe:2.3:o:zyxel:gs1900-8_firmware:-
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.50(aaho.0)c0
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.3)
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.3)c0
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.5)
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.80(aahh.0)
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.80(aahh.0)c0
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.80(aahh.1)c0
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:-
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.50(aahi.0)c0
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.3)
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.3)c0
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.5)
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.80(aahi.0)
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.80(aahi.0)c0
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.80(aahi.1)c0