A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
14 Nov 2024, 13:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:* |
|
First Time |
Zyxel gs1900-8hp Firmware
Zyxel gs1900-48hpv2 Firmware Zyxel gs1900-24e Zyxel gs1900-10hp Firmware Zyxel gs1900-8 Zyxel Zyxel gs1900-24ep Firmware Zyxel gs1900-16 Zyxel gs1900-24hpv2 Zyxel gs1900-8hp Zyxel gs1900-24 Zyxel gs1900-24hpv2 Firmware Zyxel gs1900-10hp Zyxel gs1900-16 Firmware Zyxel gs1900-48 Zyxel gs1900-24 Firmware Zyxel gs1900-48 Firmware Zyxel gs1900-24e Firmware Zyxel gs1900-24ep Zyxel gs1900-48hpv2 Zyxel gs1900-8 Firmware |
|
References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024 - Vendor Advisory |
12 Nov 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Nov 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-12 02:15
Updated : 2024-11-14 13:51
NVD link : CVE-2024-8881
Mitre link : CVE-2024-8881
CVE.ORG link : CVE-2024-8881
JSON object : View
Products Affected
zyxel
- gs1900-16
- gs1900-16_firmware
- gs1900-24
- gs1900-48_firmware
- gs1900-48
- gs1900-24hpv2_firmware
- gs1900-8_firmware
- gs1900-24e_firmware
- gs1900-48hpv2_firmware
- gs1900-24_firmware
- gs1900-8
- gs1900-8hp
- gs1900-10hp
- gs1900-8hp_firmware
- gs1900-24e
- gs1900-48hpv2
- gs1900-24ep_firmware
- gs1900-24hpv2
- gs1900-24ep
- gs1900-10hp_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')