In a concerning development for network security, Zyxel has recently issued patches to address a critical operating system (OS) command injection vulnerability, designated as CVE-2024-7261. This flaw poses a significant risk to various versions of their access points (AP) and security routers, and users are strongly encouraged to act promptly to safeguard their systems.
Understanding CVE-2024-7261
The vulnerability stems from the inadequate handling of unique elements within the “host” parameter in the CGI program found in specific models of Zyxel’s access points and security routers. This oversight could allow an unauthenticated attacker to execute OS commands on vulnerable devices by sending a specially crafted cookie. The implications of such an exploit are severe, potentially granting unauthorized access and control over affected devices.
Affected Models and Versions
Zyxel has taken decisive steps to investigate and identify the products impacted by this vulnerability. Below is a comprehensive overview of the affected models, their vulnerable versions, and the availability of patches:
| Product | Affected Model | Affected Version | Patch Availability |
|---|---|---|---|
| Access Points | NWA50AX | 7.00(ABYW.1) and earlier | 7.00(ABYW.2) |
| NWA50AX PRO | 7.00(ACGE.1) and earlier | 7.00(ACGE.2) | |
| NWA55AXE | 7.00(ABZL.1) and earlier | 7.00(ABZL.2) | |
| NWA90AX | 7.00(ACCV.1) and earlier | 7.00(ACCV.2) | |
| NWA90AX PRO | 7.00(ACGF.1) and earlier | 7.00(ACGF.2) | |
| NWA110AX | 7.00(ABTG.1) and earlier | 7.00(ABTG.2) | |
| NWA130BE | 7.00(ACIL.1) and earlier | 7.00(ACIL.2) | |
| NWA210AX | 7.00(ABTD.1) and earlier | 7.00(ABTD.2) | |
| NWA220AX-6E | 7.00(ACCO.1) and earlier | 7.00(ACCO.2) | |
| NWA1123-AC PRO | 6.28(ABHD.0) and earlier | 6.28(ABHD.3) | |
| NWA1123AC | 36.70(ABVT.4) and earlier | 6.70(ABVT.5) | |
| WAC500 | 6.70(ABVS.4) and earlier | 6.70(ABVS.5) | |
| WAC500H | 6.70(ABWA.4) and earlier | 6.70(ABWA.5) | |
| WAC6103D-I | 6.28(AAXH.0) and earlier | 6.28(AAXH.3) | |
| WAC6502D-S | 6.28(AASE.0) and earlier | 6.28(AASE.3) | |
| WAC6503D-S | 6.28(AASF.0) and earlier | 6.28(AASF.3) | |
| WAC6552D | 6.28(ABIO.0) and earlier | 6.28(ABIO.3) | |
| WAC6553D-E | 6.28(AASG.2) and earlier | 6.28(AASG.3) | |
| WAX300H | 7.00(ACHF.1) and earlier | 7.00(ACHF.2) | |
| WAX510D | 7.00(ABTF.1) and earlier | 7.00(ABTF.2) | |
| WAX610D | 7.00(ABTE.1) and earlier | 7.00(ABTE.2) | |
| WAX620D-6E | 7.00(ACCN.1) and earlier | 7.00(ACCN.2) | |
| WAX630S | 7.00(ABZD.1) and earlier | 7.00(ABZD.2) | |
| WAX640S-6E | 7.00(ACCM.1) and earlier | 7.00(ACCM.2) | |
| WAX650S | 7.00(ABRM.1) and earlier | 7.00(ABRM.2) | |
| WAX655E | 7.00(ACDO.1) and earlier | 7.00(ACDO.2) | |
| Security Router | USG LITE 60AX | V2.00(ACIP.2) | V2.00(ACIP.3)* |
Importance of Timely Updates
Zyxel’s prompt response to this vulnerability underscores the critical need for regular software updates and effective patch management in maintaining robust cybersecurity defenses.
For users with affected devices, the message is clear: apply the patches immediately to mitigate potential risks associated with this vulnerability.
By staying vigilant and proactive about security measures, network administrators can significantly reduce the risk of exploitation and ensure a safer networking environment for all users connected to their systems.
In conclusion, as cyber threats continue to evolve, vigilance in maintaining updated security measures remains paramount for all organizations relying on network devices like those from Zyxel.
