Exploit
CVE-2020-24354

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Aug 31, 2020 / Updated: 40mo ago

CVSS 8.8 (High) / EPSS 0.31%

Zyxel VMG5313-B30B routers on firmware 5.13(ABCJ.6)b3_1127, and possibly older firmware versions, are affected by shell injection.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2020-24354.

Aug 31, 2020 at 8:21 PM / nitter.net

EPSS

EPSS Score was set to: 0.31% (Percentile: 66.6%)

Oct 15, 2023 at 7:13 AM

Affected Systems

Zyxel/vmg5313-b30b_firmware

Exploits

https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B

Patches

www.zyxel.com

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
