CVE-2024-12009
Published: 11 March 2025
Summary
CVE-2024-12009 is a high-severity OS Command Injection (CWE-78) vulnerability in Zyxel EX5601-T1 (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-12009 is a post-authentication command injection vulnerability (CWE-78) in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier. The flaw allows arbitrary operating system command execution on affected devices and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
An authenticated attacker with administrator privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables full control over the device, including high-impact compromise of confidentiality, integrity, and availability through arbitrary OS command execution.
The Zyxel security advisory provides details on mitigation, available at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025. Security practitioners should consult this for patching instructions and affected device lists.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54137
Vulnerability details
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
- CWE: CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The post-authentication command injection vulnerability allows arbitrary OS command execution on a network-accessible device, directly enabling exploitation of public-facing applications (T1190) and Unix shell command execution (T1059.004).
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Directly mitigates the command injection vulnerability by requiring timely identification, reporting, and remediation of flaws through firmware patching as recommended in the Zyxel advisory.
SI-10 (Information Input Validation): Prevents command injection attacks like CVE-2024-12009 by validating and sanitizing inputs to the ZyEE function to block arbitrary OS command execution.
AC-6 (Least Privilege): Limits the impact of post-authentication exploitation by enforcing least privilege, ensuring administrator accounts lack unnecessary permissions for arbitrary OS command execution.
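The SI-10 control above describes the general fix for a CWE-78 flaw: validate the input against an allowlist and never let a shell parse it. The following C example, added here to illustrate that control, is constructed for this page and is not the Zyxel ZyEE code or any code from the advisory. It shows a generic vulnerable pattern (a request field interpolated into a system() command line) next to a hardened form that validates the value and passes it as a single execv() argument. The allowlist, the diagnostic command and the function names are assumptions for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed CWE-78 pattern, NOT the ZyEE code: a request field is
 * interpolated into a command line and the whole line is handed to a
 * shell, so shell metacharacters in `host` change what is executed. */
int run_diagnostic_unsafe(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host); /* host is caller-controlled */
    return system(cmd);                               /* /bin/sh parses the line */
}

/* SI-10 style validation (allowlist is an assumption for this example):
 * accept only hostname/IPv4 characters, bounded in length, and reject a
 * leading '-' so the value can never be parsed as an option. */
bool is_valid_host(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > 253) return false;
    if (host[0] == '-') return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return false;
    }
    return true;
}

/* Hardened form: validate first, then pass the value as one argv element
 * to execv() so no shell is involved.  Returns -1 when the input is
 * rejected or the child cannot be run, else the child's exit status. */
int run_diagnostic_safe(const char *host) {
    if (!is_valid_host(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)host, NULL};
        execv("/bin/ping", argv);
        _exit(127);            /* only reached if execv() itself fails */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs: one benign value and three that would
     * alter a shell command line; none of them is executed here. */
    const char *samples[] = {"192.0.2.10", "192.0.2.10; id", "$(id)", "-c"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               is_valid_host(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The key design choice is the order of operations: the allowlist check runs before any command is assembled, and the hardened path uses an argv array rather than a string, so even a value that slipped past validation would reach ping as a literal argument rather than as shell syntax.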