Zyxel Critical Vulnerability Let Attackers Perform OS Command Injection
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Zyxel has issued patches to address a critical operating system (OS) command injection vulnerability identified as CVE-2024-7261.
This vulnerability affects several versions of their access points (AP) and security routers. Users are strongly urged to apply these patches to safeguard their systems against exploits.
CVE-2024-7261 – The Vulnerability
The vulnerability arises from improper neutralizing of unique elements in the “host” parameter within the CGI program of specific AP and security router versions.
This flaw could enable an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to a vulnerable device. Such an exploit could have severe implications, including unauthorized access and control over affected devices.
Affected Versions and Recommended Actions
Zyxel has conducted a thorough investigation to identify the products affected by this vulnerability. Below is a detailed table listing the affected models, their vulnerable versions, and the corresponding patch availability.
Product Affected Model Affected Version Patch Availability APNWA50AX7.00(ABYW.1) and earlier7.00(ABYW.2)NWA50AX PRO7.00(ACGE.1) and earlier7.00(ACGE.2)NWA55AXE7.00(ABZL.1) and earlier7.00(ABZL.2)NWA90AX7.00(ACCV.1) and earlier7.00(ACCV.2)NWA90AX PRO7.00(ACGF.1) and earlier7.00(ACGF.2)NWA110AX7.00(ABTG.1) and earlier7.00(ABTG.2)NWA130BE7.00(ACIL.1) and earlier7.00(ACIL.2)NWA210AX7.00(ABTD.1) and earlier7.00(ABTD.2)NWA220AX-6E7.00(ACCO.1) and earlier7.00(ACCO.2)NWA1123-AC PRO6.28(ABHD.0) and earlier6.28(ABHD.3)NWA1123ACv36.70(ABVT.4) and earlier6.70(ABVT.5)WAC5006.70(ABVS.4) and earlier6.70(ABVS.5)WAC500H6.70(ABWA.4) and earlier6.70(ABWA.5)WAC6103D-I6.28(AAXH.0) and earlier6.28(AAXH.3)WAC6502D-S6.28(AASE.0) and earlier6.28(AASE.3)WAC6503D-S6.28(AASF.0) and earlier6.28(AASF.3)WAC6552D-S6.28(ABIO.0) and earlier6.28(ABIO.3)WAC6553D-E6.28(AASG.2) and earlier6.28(AASG.3)WAX300H7.00(ACHF.1) and earlier7.00(ACHF.2)WAX510D7.00(ABTF.1) and earlier7.00(ABTF.2)WAX610D7.00(ABTE.1) and earlier7.00(ABTE.2)WAX620D-6E7.00(ACCN.1) and earlier7.00(ACCN.2)WAX630S7.00(ABZD.1) and earlier7.00(ABZD.2)WAX640S-6E7.00(ACCM.1) and earlier7.00(ACCM.2)WAX650S7.00(ABRM.1) and earlier7.00(ABRM.2)WAX655E7.00(ACDO.1) and earlier7.00(ACDO.2)WBE5307.00(ACLE.1) and earlier7.00(ACLE.2)WBE660S7.00(ACGG.1) and earlier7.00(ACGG.2)Security RouterUSG LITE 60AXV2.00(ACIP.2)V2.00(ACIP.3)*
Zyxel’s proactive response to this vulnerability highlights the importance of regular software updates and patch management in maintaining cybersecurity.
Users of the affected products are advised to apply the patches immediately to mitigate potential risks.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Zyxel Critical Vulnerability Let Attackers Perform OS Command Injection
Author: DhivyaZyxel has issued patches to address a critical operating system (OS) command injection vulnerability identified as CVE-2024-7261.
This vulnerability affects several versions of their access points (AP) and security routers. Users are strongly urged to apply these patches to safeguard their systems against exploits.
CVE-2024-7261 – The Vulnerability
The vulnerability arises from improper neutralizing of unique elements in the “host” parameter within the CGI program of specific AP and security router versions.
This flaw could enable an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to a vulnerable device. Such an exploit could have severe implications, including unauthorized access and control over affected devices.
Affected Versions and Recommended Actions
Zyxel has conducted a thorough investigation to identify the products affected by this vulnerability. Below is a detailed table listing the affected models, their vulnerable versions, and the corresponding patch availability.
Product Affected Model Affected Version Patch Availability APNWA50AX7.00(ABYW.1) and earlier7.00(ABYW.2)NWA50AX PRO7.00(ACGE.1) and earlier7.00(ACGE.2)NWA55AXE7.00(ABZL.1) and earlier7.00(ABZL.2)NWA90AX7.00(ACCV.1) and earlier7.00(ACCV.2)NWA90AX PRO7.00(ACGF.1) and earlier7.00(ACGF.2)NWA110AX7.00(ABTG.1) and earlier7.00(ABTG.2)NWA130BE7.00(ACIL.1) and earlier7.00(ACIL.2)NWA210AX7.00(ABTD.1) and earlier7.00(ABTD.2)NWA220AX-6E7.00(ACCO.1) and earlier7.00(ACCO.2)NWA1123-AC PRO6.28(ABHD.0) and earlier6.28(ABHD.3)NWA1123ACv36.70(ABVT.4) and earlier6.70(ABVT.5)WAC5006.70(ABVS.4) and earlier6.70(ABVS.5)WAC500H6.70(ABWA.4) and earlier6.70(ABWA.5)WAC6103D-I6.28(AAXH.0) and earlier6.28(AAXH.3)WAC6502D-S6.28(AASE.0) and earlier6.28(AASE.3)WAC6503D-S6.28(AASF.0) and earlier6.28(AASF.3)WAC6552D-S6.28(ABIO.0) and earlier6.28(ABIO.3)WAC6553D-E6.28(AASG.2) and earlier6.28(AASG.3)WAX300H7.00(ACHF.1) and earlier7.00(ACHF.2)WAX510D7.00(ABTF.1) and earlier7.00(ABTF.2)WAX610D7.00(ABTE.1) and earlier7.00(ABTE.2)WAX620D-6E7.00(ACCN.1) and earlier7.00(ACCN.2)WAX630S7.00(ABZD.1) and earlier7.00(ABZD.2)WAX640S-6E7.00(ACCM.1) and earlier7.00(ACCM.2)WAX650S7.00(ABRM.1) and earlier7.00(ABRM.2)WAX655E7.00(ACDO.1) and earlier7.00(ACDO.2)WBE5307.00(ACLE.1) and earlier7.00(ACLE.2)WBE660S7.00(ACGG.1) and earlier7.00(ACGG.2)Security RouterUSG LITE 60AXV2.00(ACIP.2)V2.00(ACIP.3)*
Zyxel’s proactive response to this vulnerability highlights the importance of regular software updates and patch management in maintaining cybersecurity.
Users of the affected products are advised to apply the patches immediately to mitigate potential risks.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
