Vulnerability Description
A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Emg5723-T50K Firmware | <= 5.50\(abom.8.5\)c0 |
| Zyxel | Emg5723-T50K | - |
| Zyxel | Dm4200-B0 Firmware | <= 5.17\(acbs.1\)c0 |
| Zyxel | Dm4200-B0 | - |
| Zyxel | Vmg3927-T50K Firmware | <= 5.50\(abom.8.5\)c0 |
| Zyxel | Vmg3927-T50K | - |
| Zyxel | Vmg4005-B50A Firmware | <= 5.15\(abqa.2.3\)c0 |
| Zyxel | Vmg4005-B50A | - |
| Zyxel | Vmg4005-B60A Firmware | <= 5.15\(abqa.2.3\)c0 |
| Zyxel | Vmg4005-B60A | - |
| Zyxel | Vmg8825-T50K Firmware | <= 5.50\(abom.8.5\)c0 |
| Zyxel | Vmg8825-T50K | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-11253?
CVE-2024-11253 is a vulnerability with a CVSS score of 7.2 (HIGH). A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an au...
How severe is CVE-2024-11253?
CVE-2024-11253 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-11253?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Emg5723-T50K Firmware, Zyxel Emg5723-T50K, Zyxel Dm4200-B0 Firmware, Zyxel Dm4200-B0, Zyxel Vmg3927-T50K Firmware.