Vulnerability Details CVE-2024-9200
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.9%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2024-9200
- cpe:2.3:h:zyxel:emg6726-b10a:-
- cpe:2.3:h:zyxel:vmg3927-b50b:-
- cpe:2.3:h:zyxel:vmg4005-b50a:-
- cpe:2.3:h:zyxel:vmg4005-b50b:-
- cpe:2.3:h:zyxel:vmg4005-b60a:-
- cpe:2.3:h:zyxel:vmg4927-b50a:-
- cpe:2.3:o:zyxel:emg6726-b10a_firmware:-
- cpe:2.3:o:zyxel:emg6726-b10a_firmware:5.13(abnp.7)c0
- cpe:2.3:o:zyxel:vmg3927-b50b_firmware:-
- cpe:2.3:o:zyxel:vmg3927-b50b_firmware:5.13(ably.7)c0
- cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-
- cpe:2.3:o:zyxel:vmg4005-b50a_firmware:5.15(abqa.2.2)c0
- cpe:2.3:o:zyxel:vmg4005-b50b_firmware:-
- cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-
- cpe:2.3:o:zyxel:vmg4005-b60a_firmware:5.15(abqa.2.2)c0
- cpe:2.3:o:zyxel:vmg4927-b50a_firmware:-
- cpe:2.3:o:zyxel:vmg4927-b50a_firmware:5.13(ably.7)c0