CVE-2024-40891: Zyxel DSL CPE OS Command Injection Vulnerability. Multiple

Zyxel DSL CPE OS Command Injection Vulnerability. Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

• CISA KEV-listed (remediation due 2025-03-04)
• EPSS 53.2% (98.0% percentile)

Browse the CVE database

Read the full analysis on IntelFusions