Cyber Resilience

CVE-2024-8234

HighPublic PoCRCE

Published: 30 August 2024

Published
30 August 2024
Modified
22 January 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0747 92.0th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8234 is a high-severity OS Command Injection (CWE-78) vulnerability in Zyxel Nwaw1100-N Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-8234 is a command injection vulnerability, tracked under CWE-78, that affects the Zyxel NWA1100-N wireless access point running firmware version 1.00(AACE.1)C0. The flaw resides in the functions formSysCmd(), formUpgradeCert(), and formDelcert(), which fail to properly sanitize input and permit execution of arbitrary operating system commands. The issue was assigned a CVSS 3.1 score of 7.5 and is explicitly marked unsupported when assigned.

An unauthenticated attacker with network access can invoke the affected functions to run OS commands on the device, enabling read access to system files without requiring credentials or user interaction. The attack vector is rated as low complexity and can be performed remotely over the network.

The referenced materials include a public proof-of-concept exploit and Zyxel’s archived EOL model list, indicating that the NWA1100-N has reached end-of-life status with no vendor patches or ongoing support available. The EPSS score has remained essentially flat near 0.07 with no material post-disclosure rise.

EU & UK References

Vulnerability details

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected…

more

device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Unauthenticated command injection in web functions enables exploitation of public-facing application (T1190), network device command execution (T1059.008), and system file access (T1005).

Affected Assets

zyxel
nwaw1100-n firmware
1.00\(aace.1\)c0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References