CVE-2024-12010

HIGH
Published Mar 11, 2025 Modified Jan 13, 2026 CWE-78

Description

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

Is your site exposed to CVE-2024-12010?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-78 OS Command Injection

Affected Products

Vendor Product
zyxel wx5610-b0_firmware
zyxel wx5610-b0
zyxel dx3300-t0_firmware
zyxel dx3300-t0
zyxel dx3300-t1_firmware
zyxel dx3300-t1
zyxel dx3301-t0_firmware
zyxel dx3301-t0
zyxel dx4510-b0_firmware
zyxel dx4510-b0
zyxel dx4510-b1_firmware
zyxel dx4510-b1
zyxel dx5401-b0_firmware
zyxel dx5401-b0
zyxel dx5401-b1_firmware
zyxel dx5401-b1
zyxel ee6510-10_firmware
zyxel ee6510-10
zyxel ex3300-t0_firmware
zyxel ex3300-t0
zyxel ex3300-t1_firmware
zyxel ex3300-t1
zyxel ex3301-t0_firmware
zyxel ex3301-t0
zyxel ex3500-t0_firmware
zyxel ex3500-t0
zyxel ex3501-t0_firmware
zyxel ex3501-t0
zyxel ex3510-b0_firmware
zyxel ex3510-b0
zyxel ex3510-b1_firmware
zyxel ex3510-b1
zyxel ex3600-t0_firmware
zyxel ex3600-t0
zyxel ex5401-b0_firmware
zyxel ex5401-b0
zyxel ex5401-b1_firmware
zyxel ex5401-b1
zyxel ex5501-b0_firmware
zyxel ex5501-b0
zyxel ex5510-b0_firmware
zyxel ex5510-b0
zyxel ex5512-t0_firmware
zyxel ex5512-t0
zyxel ex5601-t0_firmware
zyxel ex5601-t0
zyxel ex5601-t1_firmware
zyxel ex5601-t1
zyxel ex7501-b0_firmware
zyxel ex7501-b0
zyxel ex7710-b0_firmware
zyxel ex7710-b0
zyxel emg3525-t50b_firmware
zyxel emg3525-t50b
zyxel emg5523-t50b_firmware
zyxel emg5523-t50b
zyxel emg5723-t50k_firmware
zyxel emg5723-t50k
zyxel vmg3625-t50b_firmware
zyxel vmg3625-t50b
zyxel vmg3927-t50k_firmware
zyxel vmg3927-t50k
zyxel vmg8623-t50b_firmware
zyxel vmg8623-t50b
zyxel vmg8825-t50k_firmware
zyxel vmg8825-t50k
zyxel ax7501-b0_firmware
zyxel ax7501-b0
zyxel ax7501-b1_firmware
zyxel ax7501-b1
zyxel px3321-t1_firmware
zyxel px3321-t1
zyxel px3321-t1_firmware
zyxel px3321-t1
zyxel px5301-t0_firmware
zyxel px5301-t0
zyxel wx3100-t0_firmware
zyxel wx3100-t0
zyxel wx3401-b0_firmware
zyxel wx3401-b0
zyxel wx3401-b1_firmware
zyxel wx3401-b1
zyxel wx5600-t0_firmware
zyxel wx5600-t0

References

Frequently Asked Questions

What is CVE-2024-12010? +
A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. It has a CVSS v3.1 base score of 7.2 (HIGH).
How severe is CVE-2024-12010? +
CVE-2024-12010 has a CVSS v3.1 score of 7.2 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2024-12010? +
CVE-2024-12010 affects products from zyxel, specifically: ax7501-b0, ax7501-b0_firmware, ax7501-b1, ax7501-b1_firmware, dx3300-t0, dx3300-t0_firmware, dx3300-t1, dx3300-t1_firmware, dx3301-t0, dx3301-t0_firmware, dx4510-b0, dx4510-b0_firmware, dx4510-b1, dx4510-b1_firmware, dx5401-b0, dx5401-b0_firmware, dx5401-b1, dx5401-b1_firmware, ee6510-10, ee6510-10_firmware, emg3525-t50b, emg3525-t50b_firmware, emg5523-t50b, emg5523-t50b_firmware, emg5723-t50k, emg5723-t50k_firmware, ex3300-t0, ex3300-t0_firmware, ex3300-t1, ex3300-t1_firmware, ex3301-t0, ex3301-t0_firmware, ex3500-t0, ex3500-t0_firmware, ex3501-t0, ex3501-t0_firmware, ex3510-b0, ex3510-b0_firmware, ex3510-b1, ex3510-b1_firmware, ex3600-t0, ex3600-t0_firmware, ex5401-b0, ex5401-b0_firmware, ex5401-b1, ex5401-b1_firmware, ex5501-b0, ex5501-b0_firmware, ex5510-b0, ex5510-b0_firmware, ex5512-t0, ex5512-t0_firmware, ex5601-t0, ex5601-t0_firmware, ex5601-t1, ex5601-t1_firmware, ex7501-b0, ex7501-b0_firmware, ex7710-b0, ex7710-b0_firmware, px3321-t1, px3321-t1_firmware, px5301-t0, px5301-t0_firmware, vmg3625-t50b, vmg3625-t50b_firmware, vmg3927-t50k, vmg3927-t50k_firmware, vmg8623-t50b, vmg8623-t50b_firmware, vmg8825-t50k, vmg8825-t50k_firmware, wx3100-t0, wx3100-t0_firmware, wx3401-b0, wx3401-b0_firmware, wx3401-b1, wx3401-b1_firmware, wx5600-t0, wx5600-t0_firmware, wx5610-b0, wx5610-b0_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-12010? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-12010 — free, no signup required.