Security News > 2024 > June > Zyxel issues emergency RCE patch for end-of-life NAS devices
Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life.
Although both NAS models reached the end of their support period on December 31, 2023, Zyxel released fixes for the three critical flaws in versions 5.21(AAZF.17)C0 for NAS326 and 5.21(ABAG.14)C0 for NAS542.
"Due to the critical severity of vulnerabilities CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974, Zyxel has made patches available to customers despite the products already having reached end-of-vulnerability-support," reads a Zyxel security advisory.
Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks.
Widely used modems in industrial IoT devices open to SMS attack.
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw.
News URL
Related news
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
- Exploit released for maximum severity Fortinet RCE bug, patch now (source)
- Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models (source)
- Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes (source)
- Zyxel patches critical flaws in EOL NAS devices (source)
- Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast (source)
- Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- 'Mirai-like' botnet observed attacking EOL Zyxel NAS devices (source)