ГлавнаяУязвимости → CVE-2024-8234
7.5высокая

CVE-2024-8234

Описание

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.

Затрагиваемое ПО
Zyxel Nwaw1100-n firmwareZyxel Nwaw1100-n
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/GroundCTL2MajorTom/pocs/blob/main/zyxel_NWAW1100-N_rce.mdhttps://webservice.zyxel.com/eol/ArchivedEOLModel.pdf