Cyber Posture

CVE-2024-12010

High

Published: 11 March 2025
Modified: 11 March 2025
KEV Added:
Patch:
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0034 (56.7th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may abuse Unix shell commands and scripts for execution.

Security Summary

CVE-2024-12010 is a post-authentication command injection vulnerability (CWE-78) in the zyUtilMailSend function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

An authenticated attacker with administrator privileges can exploit this vulnerability remotely over the network with low attack complexity and no user interaction. Exploitation enables execution of arbitrary operating system commands on the vulnerable device.

The Zyxel security advisory provides details on mitigation: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025.

Details

CWE(s)
CWE-78

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Post-authentication command injection (CWE-78) in network device firmware gives an authenticated administrator the ability to execute arbitrary OS commands remotely, which maps to T1190 (exploitation of a public-facing application) and T1059.004 (Unix shell execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
