Vulnerabilities > CVE-2024-8234 - Unspecified vulnerability in Zyxel Nwaw1100-N Firmware 1.00(Aace.1)C0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zyxel

critical

NVD

Published: 2024-08-30

Updated: 2025-01-22

Summary

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Nwaw1100 N Firmware 1.00\(Aace.1\)C0	1
Hardware	Zyxel Zyxel Nwaw1100 N -	1

References

https://github.com/GroundCTL2MajorTom/pocs/blob/main/zyxel_NWAW1100-N_rce.md
https://webservice.zyxel.com/eol/ArchivedEOLModel.pdf