Vulnerability Description
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Gs1900-8 Firmware | < 2.90\(aahh.0\)c0 |
| Zyxel | Gs1900-8 | - |
| Zyxel | Gs1900-8Hp Firmware | < 2.90\(aahi.0\)c0 |
| Zyxel | Gs1900-8Hp | - |
| Zyxel | Gs1900-10Hp Firmware | < 2.90\(aazi.0\)c0 |
| Zyxel | Gs1900-10Hp | - |
| Zyxel | Gs1900-16 Firmware | < 2.90\(aahj.0\)c0 |
| Zyxel | Gs1900-16 | - |
| Zyxel | Gs1900-24 Firmware | < 2.90\(aahl.0\)c0 |
| Zyxel | Gs1900-24 | - |
| Zyxel | Gs1900-24E Firmware | < 2.90\(aahk.0\)c0 |
| Zyxel | Gs1900-24E | - |
| Zyxel | Gs1900-24Ep Firmware | < 2.90\(abto.0\)c0 |
| Zyxel | Gs1900-24Ep | - |
| Zyxel | Gs1900-24Hpv2 Firmware | < 2.90\(abtp.0\)c0 |
| Zyxel | Gs1900-24Hpv2 | - |
| Zyxel | Gs1900-48 Firmware | < 2.90\(aahn.0\)c0 |
| Zyxel | Gs1900-48 | - |
| Zyxel | Gs1900-48Hpv2 Firmware | < 2.90\(abtq.0\)c0 |
| Zyxel | Gs1900-48Hpv2 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-8881?
CVE-2024-8881 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker wit...
How severe is CVE-2024-8881?
CVE-2024-8881 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8881?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.