CVE-2024-12010

7.2 HIGH

Published: March 11, 2025 Modified: January 13, 2026

Description

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025

Source: security@zyxel.com.tw

Vendor Advisory

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.2 / 10.0

EPSS (Exploit Probability)

0.3%

55th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-78

Affected Vendors

zyxel

Related CVEs

CVE-2026-4649 N/A

CVE-2026-3509 7.5

CVE-2026-32642 N/A

CVE-2025-41660 8.8

CVE-2026-4756 7.8