CVE-2024-40890CISA KEVEPSS p97.0%

CVE-2024-40890Zyxel DSL CPE OS Command Injection Vulnerability

Zyxel / DSL CPE Devices

Description

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.

Scoring

EPSS19.31% probability of exploitation · percentile 97.0% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2025-02-11

(incoming)1

TypeTargetConfidenceTier
KEVEntryZyxel DSL CPE OS Command Injection Vulnerabilitykev-cve-2024-408900%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVE
CVE-2025-8693
CVE
CVE-2026-7256
CVE
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
CVE
CVE-2025-0890
CVE
Zyxel Multiple NAS Devices Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.