THREAT OPS › CVEs › CVE-2024-40890
CVE-2024-40890 — Zyxel DSL CPE OS Command Injection Vulnerability
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.
Vulnerability details
- Affected productsDSL CPE Devices
- KEV remediation due2025-03-04