CVE-2024-12009
Published: 11 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-12009 is a post-authentication command injection vulnerability (CWE-78) in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier. This flaw allows arbitrary operating system command execution on affected devices, earning a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
An authenticated attacker with administrator privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables full control over the device, including high-impact compromise of confidentiality, integrity, and availability through arbitrary OS command execution.
The Zyxel security advisory provides details on mitigation, available at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025. Security practitioners should consult this for patching instructions and affected device lists.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The post-authentication command injection vulnerability allows arbitrary OS command execution on a network-accessible device, directly enabling exploitation of public-facing applications (T1190) and Unix shell command execution (T1059.004).