CVE-2024-8234
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Published: Aug 30, 2024 / Updated: 2mo ago
010
CVSS 7.5EPSS 0.09%High
CVE info copied to clipboard
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
CVE Assignment
NVD published the first details for CVE-2024-8234
Aug 30, 2024 at 1:15 AM
First Article
Feedly found the first article mentioning CVE-2024-8234. See article
Aug 30, 2024 at 1:21 AM / National Vulnerability Database
CVSS Estimate
Feedly estimated the CVSS score as HIGH
Aug 30, 2024 at 1:21 AM
EPSS
EPSS Score was set to: 0.09% (Percentile: 38.3%)
Aug 30, 2024 at 9:58 AM
Affected Systems
Zyxel/nwa1100-n
+null more
Attack Patterns
CAPEC-108: Command Line Execution through SQL Injection
+null more
News
High - CVE-2024-8234 - ** UNSUPPORTED WHEN ASSIGNED ** A command...
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could...
null
- HIGH - CVE-2024-8234 ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.
CVE-2024-8234 | Zyxel NWA1100-N 1.00(AACE.1)C0 formSysCmd/formUpgradeCert/formDelcert os command injection
A vulnerability was found in Zyxel NWA1100-N 1.00(AACE.1)C0 and classified as critical . This issue affects the function formSysCmd/formUpgradeCert/formDelcert . The manipulation leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-8234 . The attack may be initiated remotely. Furthermore, there is an exploit available.
cveNotify : 🚨 CVE-2024-8234** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.🎖@cveNotify
cveNotify : 🚨 CVE-2024-8234** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.🎖@cveNotify
CVE-2024-8234
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected...
See 4 more articles and social media posts