CVE-2024-12009

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary operating system commands on Zyxel networking devices. It affects Zyxel EX5601-T1 devices running firmware version V5.70(ACDZ.3.6)C0 or earlier. Attackers must first obtain valid administrator credentials to exploit this command injection flaw.

💻 Affected Systems

Products:
  • Zyxel EX5601-T1
Versions: V5.70(ACDZ.3.6)C0 and earlier
Operating Systems: ZyEE firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator-level authentication. Default admin credentials increase risk.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, steal sensitive data, or render the device inoperable.

🟠 Likely Case: Attackers with stolen or default admin credentials could gain full control of the device to modify configurations, intercept traffic, or use it as a foothold for further attacks.

🟢 If Mitigated: With strong authentication controls and network segmentation, impact is limited to the affected device only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires admin credentials and knowledge of the vulnerable ZyEE function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V5.70(ACDZ.3.6)C0 or later

Vendor Advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025

Restart Required: No

Instructions:

1. Log into the device admin interface.
2. Navigate to the firmware update section.
3. Download the latest firmware from the Zyxel support portal.
4. Upload and apply the firmware update.
5. Verify the update was applied successfully.

🔧 Temporary Workarounds

Restrict Admin Access (all)
  • Limit administrative access to trusted IP addresses only
  • Configure firewall rules to restrict admin interface access

Change Default Credentials (all)
  • Ensure strong, unique administrator passwords are set
  • Change the admin password via the device management interface

🧯 If You Can't Patch

  • Segment affected devices on isolated network segments
  • Implement strict access controls and monitor for suspicious admin activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version via admin web interface or CLI

Check Version:

show version (CLI) or check System Information in web interface

Verify Fix Applied:

Confirm firmware version is V5.70(ACDZ.3.6)C0 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login attempts
  • Suspicious command execution in system logs
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unexpected outbound connections from device
  • Traffic patterns suggesting command and control

SIEM Query:

source="zyxel" AND (event_type="admin_login" OR event_type="command_execution")
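Added example, not part of this advisory or any Zyxel tooling: a small Python detector that applies the log indicators above (a burst of failed admin logins followed by a success, then command execution from that source or from a non-trusted host) to constructed syslog-style lines. The log layout, field names, hostnames, addresses and the trusted management host are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-like layout (real Zyxel log format not known here).
SAMPLE_LOGS = [
    "2025-03-11T10:00:01 zyxel-ex5601 auth: user=admin src=203.0.113.5 result=FAIL",
    "2025-03-11T10:00:03 zyxel-ex5601 auth: user=admin src=203.0.113.5 result=FAIL",
    "2025-03-11T10:00:05 zyxel-ex5601 auth: user=admin src=203.0.113.5 result=FAIL",
    "2025-03-11T10:00:09 zyxel-ex5601 auth: user=admin src=203.0.113.5 result=OK",
    '2025-03-11T10:00:15 zyxel-ex5601 cmd: user=admin src=203.0.113.5 exec="ping -c 4 198.51.100.20"',
    "2025-03-11T11:30:00 zyxel-ex5601 auth: user=admin src=192.168.1.10 result=OK",
    '2025-03-11T11:30:04 zyxel-ex5601 cmd: user=admin src=192.168.1.10 exec="show version"',
]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+ (?P<kind>auth|cmd): user=(?P<user>\S+) src=(?P<src>\S+)'
    r'(?: result=(?P<result>\S+))?(?: exec="(?P<exec>[^"]*)")?$'
)
FAIL_THRESHOLD = 3                     # failed logins before a success counts as suspicious
WINDOW = timedelta(minutes=10)         # failures older than this are ignored
TRUSTED_ADMIN_SRC = {"192.168.1.10"}   # assumed management host allowed to run commands

def parse(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def analyze(lines, trusted=TRUSTED_ADMIN_SRC):
    """Apply the two indicators and return (rule, user, src, timestamp) findings in log order."""
    findings = []
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failed logins
    suspect_src = set()            # sources that logged in right after a failure burst
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["user"], ev["src"])
        if ev["kind"] == "auth" and ev["result"] == "FAIL":
            failures[key].append(ev["ts"])
        elif ev["kind"] == "auth" and ev["result"] == "OK":
            recent = [t for t in failures[key] if ev["ts"] - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                findings.append(("brute_force_then_success", ev["user"], ev["src"], ev["ts"]))
                suspect_src.add(ev["src"])
            failures[key].clear()
        elif ev["kind"] == "cmd" and (ev["src"] in suspect_src or ev["src"] not in trusted):
            # admin command from a suspect or non-trusted source: the post-auth activity to review
            findings.append(("suspicious_admin_command", ev["user"], ev["src"], ev["ts"]))
    return findings
```

The trusted-host set is the same allowlist the "Restrict Admin Access" workaround describes, so commands from the management host are not flagged while the same commands from an unexpected source are.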
