THREATOPS
THREAT OPSCVEs › CVE-2024-40890

CVE-2024-40890 — Zyxel DSL CPE OS Command Injection Vulnerability

CISA KEVExploited: confirmedZyxel

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.

Vulnerability details