What is CVE-2024-40890?

A high-severity command injection vulnerability has been identified in Zyxel DSL CPE devices. An authenticated attacker could exploit this vulnerability to execute OS commands. Immediate action is required to mitigate this risk.

What is the severity of CVE-2024-40890?

CVE-2024-40890 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2024-40890 | High Vulnerability in Zyxel DSL CPE Devices

Q: Is CVE-2024-40890 in CISA KEV?

Yes. CVE-2024-40890 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

On February 4, 2025, a post-authentication command injection vulnerability was disclosed for the Zyxel DSL CPE devices, specifically affecting the firmware version 1.00(AAFR.4)C0_20170615 of the VMG4325-B10A model. This vulnerability allows authenticated attackers to send crafted HTTP POST requests that execute operating system (OS) commands on the affected devices. The CVSS score for this vulnerability is 8.8, categorizing it as high severity, which indicates a significant risk for organizations utilizing affected devices.

Risk to organizations includes unauthorized command execution, which can lead to further exploitation of the device’s functionality and potentially compromise the network. As this vulnerability impacts devices that may be critical to network infrastructure, it is essential for organizations to assess their exposure and take immediate action.

The urgency of this vulnerability is underscored by its inclusion in the Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize patching immediately to mitigate potential exploitation.

As of now, there are no public exploits reported, but the potential for exploitation remains, emphasizing the need for vigilance and prompt remediation.

Vulnerability Details

This vulnerability allows authenticated users to exploit a command injection flaw in the CGI program of the Zyxel DSL CPE devices. The affected devices include various firmware versions, with the most critical being the VMG4325-B10A. The CVSS 3.1 score of 8.8 indicates that the attack vector is network-based, with low complexity and low privileges required for exploitation. The potential impacts include high confidentiality, integrity, and availability losses.

Technical Analysis

The root cause of the vulnerability stems from insufficient input validation in the CGI program, allowing attackers to inject arbitrary OS commands. The attack vector is network-based, requiring no user interaction, and can be executed with low privileges after authentication. The impacts of this vulnerability are significant, affecting confidentiality, integrity, and availability of the device.

Risk & Impact Analysis

Organizations deploying Zyxel DSL CPE devices face considerable risks due to this vulnerability. The potential for unauthorized OS command execution allows attackers to manipulate device behavior, leading to broader network compromise. Given the high CVSS score and KEV status, organizations should address this vulnerability in their priority patch cycle.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The following versions of Zyxel DSL CPE devices are affected: VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300-N000, SBG3300-NB00, SBG3500-N000, and SBG3500-NB00. All versions prior to vendor patch are considered vulnerable.

Mitigation & Remediation

Organizations should prioritize patching immediately to mitigate this vulnerability. Users are advised to discontinue product utilization if a current mitigation is unavailable. For further guidance, organizations can refer to the penetration testing services that can help identify vulnerabilities in their systems.

Detection Guidance

Monitor logs for unusual HTTP POST requests that may indicate attempts to exploit the command injection vulnerability. Behavioral anomalies in device operations should be investigated promptly to mitigate potential impacts.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing risks associated with legacy systems in network environments. The potential for exploitation poses a significant threat to organizations, particularly those utilizing affected Zyxel devices. Security teams should learn from this incident to improve their defenses against similar vulnerabilities in the future. Implementing robust security measures and regular assessments, such as penetration testing methodology can provide valuable insights into the security posture of their systems. Organizations should also consider adopting strategies from our vulnerability management program to ensure ongoing defense against emerging threats.

Further insights can be drawn from analyzing the trends in vulnerabilities, as discussed in our vulnerability exposure and severity trends to better prepare for future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-40890: High Vulnerability in Zyxel DSL CPE Devices