Read Time:2 Minute, 39 Second

In a concerning development for network security, Zyxel has recently issued patches to address a critical operating system (OS) command injection vulnerability, designated as CVE-2024-7261. This flaw poses a significant risk to various versions of their access points (AP) and security routers, and users are strongly encouraged to act promptly to safeguard their systems.

Understanding CVE-2024-7261

The vulnerability stems from the inadequate handling of unique elements within the “host” parameter in the CGI program found in specific models of Zyxel’s access points and security routers. This oversight could allow an unauthenticated attacker to execute OS commands on vulnerable devices by sending a specially crafted cookie. The implications of such an exploit are severe, potentially granting unauthorized access and control over affected devices.

Affected Models and Versions

Zyxel has taken decisive steps to investigate and identify the products impacted by this vulnerability. Below is a comprehensive overview of the affected models, their vulnerable versions, and the availability of patches:

ProductAffected ModelAffected VersionPatch Availability
Access PointsNWA50AX7.00(ABYW.1) and earlier7.00(ABYW.2)
NWA50AX PRO7.00(ACGE.1) and earlier7.00(ACGE.2)
NWA55AXE7.00(ABZL.1) and earlier7.00(ABZL.2)
NWA90AX7.00(ACCV.1) and earlier7.00(ACCV.2)
NWA90AX PRO7.00(ACGF.1) and earlier7.00(ACGF.2)
NWA110AX7.00(ABTG.1) and earlier7.00(ABTG.2)
NWA130BE7.00(ACIL.1) and earlier7.00(ACIL.2)
NWA210AX7.00(ABTD.1) and earlier7.00(ABTD.2)
NWA220AX-6E7.00(ACCO.1) and earlier7.00(ACCO.2)
NWA1123-AC PRO6.28(ABHD.0) and earlier6.28(ABHD.3)
NWA1123AC36.70(ABVT.4) and earlier6.70(ABVT.5)
WAC5006.70(ABVS.4) and earlier6.70(ABVS.5)
WAC500H6.70(ABWA.4) and earlier6.70(ABWA.5)
WAC6103D-I6.28(AAXH.0) and earlier6.28(AAXH.3)
WAC6502D-S6.28(AASE.0) and earlier6.28(AASE.3)
WAC6503D-S6.28(AASF.0) and earlier6.28(AASF.3)
WAC6552D6.28(ABIO.0) and earlier6.28(ABIO.3)
WAC6553D-E6.28(AASG.2) and earlier6.28(AASG.3)
WAX300H7.00(ACHF.1) and earlier7.00(ACHF.2)
WAX510D7.00(ABTF.1) and earlier7.00(ABTF.2)
WAX610D7.00(ABTE.1) and earlier7.00(ABTE.2)
WAX620D-6E7.00(ACCN.1) and earlier7.00(ACCN.2)
WAX630S7.00(ABZD.1) and earlier7.00(ABZD.2)
WAX640S-6E7.00(ACCM.1) and earlier7.00(ACCM.2)
WAX650S7.00(ABRM.1) and earlier7.00(ABRM.2)
WAX655E7.00(ACDO.1) and earlier7.00(ACDO.2)
Security RouterUSG LITE 60AXV2.00(ACIP.2)V2.00(ACIP.3)*

Importance of Timely Updates

Zyxel’s prompt response to this vulnerability underscores the critical need for regular software updates and effective patch management in maintaining robust cybersecurity defenses.

For users with affected devices, the message is clear: apply the patches immediately to mitigate potential risks associated with this vulnerability.

By staying vigilant and proactive about security measures, network administrators can significantly reduce the risk of exploitation and ensure a safer networking environment for all users connected to their systems.

In conclusion, as cyber threats continue to evolve, vigilance in maintaining updated security measures remains paramount for all organizations relying on network devices like those from Zyxel.

Leave a Reply

Your email address will not be published. Required fields are marked *