Security News > 2024 > June > Zyxel issues emergency RCE patch for end-of-life NAS devices

Zyxel issues emergency RCE patch for end-of-life NAS devices
2024-06-04 17:28

Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life.

Although both NAS models reached the end of their support period on December 31, 2023, Zyxel released fixes for the three critical flaws in versions 5.21(AAZF.17)C0 for NAS326 and 5.21(ABAG.14)C0 for NAS542.

"Due to the critical severity of vulnerabilities CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974, Zyxel has made patches available to customers despite the products already having reached end-of-vulnerability-support," reads a Zyxel security advisory.

Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks.

Widely used modems in industrial IoT devices open to SMS attack.

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw.


News URL

https://www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200