Network Security, Vulnerability Management, Patch/Configuration Management

Several Zyxel router, firewall vulnerabilities addressed

Share
Cybersecurity, essential technology, Businesses utilizing advanced cybersecurity technology on a global network, protection and defense, safeguarding critical data and ensuring digital securityCybersecurity, essential technology, Businesses utilizing advanced cybersecurity technology on a global network, protection and defense, safeguarding critical data and ensuring digital security

Fixes have been released by Zyxel for numerous vulnerabilities affecting several of its router and firewall offerings, the most severe of which was a critical input validation issue, tracked as CVE-2024-7261, which could be leveraged to enable remote arbitrary command execution, BleepingComputer reports.

Multiple Zyxel NWA Series, NWA1123-AC PRO, NWA1123ACv3, WAC500, WAC500H, WAC Series, WAX Series, and WBE Series access points are impacted by the flaw, which stems from improper user-supplied data management, according to Zyxel. "The improper neutralization of special elements in the parameter "host" in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device," said Zyxel. Seven other high-severity APT and USG FLEX firewall bugs have also been addressed by Zyxel, the most serious of which was the command injection flaw in the IPSec VPN functionality, tracked as CVE-2024-42057, which could be exploited by unauthenticated attackers for OS command execution.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.