CVE-2024-11494

Published: Nov 20, 2024Modified: Nov 22, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method.

Affected (1)

Products: Zyxel: P6101c Firmware

Zyxel

1 product

P6101c Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel P6101c Firmware	Version p-6101cs6ap_20140331

Running on/with	Platform Versions
Zyxel P6101c	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://gist.github.com/stevenyu113228/78e0169d2ff110e9a65539eb29660d25

Source: security@zyxel.com.tw

ExploitThird Party Advisory

Timeline

No history available yet.