CVE-2024-40890: Zyxel DSL CPE OS Command Injection Vulnerability
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.
- CISA KEV-listed (remediation due 2025-03-04)
- EPSS 45.9% (97.7th percentile)