PT-2025-10683 · Zyxel · Zyxel Vmg8825-T50K

Erik De Jong · Published 2025-03-11 · Updated 2025-03-12 · CVE-2024-11253

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.8.5)C0

Description: A post-authentication command injection issue exists in the diagnostic function of the Zyxel VMG8825-T50K firmware, specifically in the DNSServer parameter. This could allow an authenticated attacker with administrator privileges to execute operating system commands on a vulnerable device.

Recommendations: For Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.8.5)C0, consider restricting access to the diagnostic function until a patch is available. As a temporary workaround, limit the use of the DNSServer parameter to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05044
CVE-2024-11253

Affected Products

Zyxel Vmg8825-T50K