Vulnerability Description
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | EMG6726-B10A Firmware | < 5.13(ABNP.8)C1 |
| Zyxel | EMG6726-B10A | - |
| Zyxel | VMG3927-B50B Firmware | < 5.13(ABLY.9)C1 |
| Zyxel | VMG3927-B50B | - |
| Zyxel | VMG4005-B50A Firmware | < 5.15(ABQA.2.3)C0 |
| Zyxel | VMG4005-B50A | - |
| Zyxel | VMG4005-B60A Firmware | < 5.15(ABQA.2.3)C0 |
| Zyxel | VMG4005-B60A | - |
| Zyxel | VMG4005-B50B Firmware | < 5.13(ABRL.5.2)C0 |
| Zyxel | VMG4005-B50B | - |
| Zyxel | VMG4927-B50A Firmware | < 5.13(ABLY.9)C1 |
| Zyxel | VMG4927-B50A | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-9200?
CVE-2024-9200 is a vulnerability with a CVSS score of 7.2 (HIGH). A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated ...
How severe is CVE-2024-9200?
CVE-2024-9200 has been rated HIGH, with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-9200?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel EMG6726-B10A Firmware, Zyxel EMG6726-B10A, Zyxel VMG3927-B50B Firmware, Zyxel VMG3927-B50B, Zyxel VMG4005-B50A Firmware.